Add missing online functionality for the image pull secret template functions (#2758)

Author: sgalsaleh

api/controllers/app/install/test_suite.go

@@ -644,8 +644,8 @@ func (s *AppInstallControllerTestSuite) TestInstallApp() {
 				NoProxy:    "localhost,127.0.0.1",
 			},
 			registrySettings: &types.RegistrySettings{
-				HasLocalRegistry: true,
-				Host:             "10.128.0.11:5000",
+				HasLocalRegistry:  true,
+				LocalRegistryHost: "10.128.0.11:5000",
 			},
 			setupMocks: func(acm *appconfig.MockAppConfigManager, arm *appreleasemanager.MockAppReleaseManager, aim *appinstallmanager.MockAppInstallManager) {
 				configValues := kotsv1beta1.ConfigValues{

api/integration/linux/install/appinstall_test.go

@@ -34,6 +34,18 @@ import (
 	"github.com/stretchr/testify/require"
 )
 
+// mockLicense creates a mock license for testing
+func mockLicense() []byte {
+	return []byte(`
+apiVersion: kots.io/v1beta1
+kind: License
+spec:
+  licenseID: "test-license-id-12345"
+  appSlug: "test-app"
+  customerName: "Test Customer"
+`)
+}
+
 // TestGetAppInstallStatus tests the GET /linux/install/app/status endpoint
 func TestGetAppInstallStatus(t *testing.T) {
 	// Create mock helm chart archive
@@ -44,9 +56,11 @@ func TestGetAppInstallStatus(t *testing.T) {
 		HelmChartArchives:     [][]byte{mockChartArchive},
 		EmbeddedClusterConfig: &ecv1beta1.Config{},
 		ChannelRelease: &release.ChannelRelease{
+			AppSlug: "test-app",
 			DefaultDomains: release.Domains{
-				ReplicatedAppDomain: "replicated.example.com",
-				ProxyRegistryDomain: "some-proxy.example.com",
+				ReplicatedAppDomain:      "replicated.example.com",
+				ProxyRegistryDomain:      "some-proxy.example.com",
+				ReplicatedRegistryDomain: "registry.example.com",
 			},
 		},
 		AppConfig: &kotsv1beta1.Config{},
@@ -109,6 +123,7 @@ func TestGetAppInstallStatus(t *testing.T) {
 			linuxinstall.WithAppInstallController(appInstallController),
 			linuxinstall.WithReleaseData(releaseData),
 			linuxinstall.WithRuntimeConfig(runtimeconfig.New(nil)),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -165,6 +180,7 @@ func TestGetAppInstallStatus(t *testing.T) {
 		// Create simple Linux install controller
 		installController, err := linuxinstall.NewInstallController(
 			linuxinstall.WithReleaseData(releaseData),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -228,9 +244,11 @@ func TestPostInstallApp(t *testing.T) {
 	releaseData := &release.ReleaseData{
 		EmbeddedClusterConfig: &ecv1beta1.Config{},
 		ChannelRelease: &release.ChannelRelease{
+			AppSlug: "test-app",
 			DefaultDomains: release.Domains{
-				ReplicatedAppDomain: "replicated.example.com",
-				ProxyRegistryDomain: "some-proxy.example.com",
+				ReplicatedAppDomain:      "replicated.example.com",
+				ProxyRegistryDomain:      "some-proxy.example.com",
+				ReplicatedRegistryDomain: "registry.example.com",
 			},
 		},
 		AppConfig: &kotsv1beta1.Config{},
@@ -320,6 +338,7 @@ func TestPostInstallApp(t *testing.T) {
 			linuxinstall.WithMetricsReporter(mockReporter),
 			linuxinstall.WithReleaseData(releaseData),
 			linuxinstall.WithRuntimeConfig(rc),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -391,6 +410,7 @@ func TestPostInstallApp(t *testing.T) {
 			linuxinstall.WithStateMachine(stateMachine),
 			linuxinstall.WithAppInstallController(appInstallController),
 			linuxinstall.WithReleaseData(releaseData),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -479,6 +499,7 @@ func TestPostInstallApp(t *testing.T) {
 			linuxinstall.WithStore(mockStore),
 			linuxinstall.WithReleaseData(releaseData),
 			linuxinstall.WithRuntimeConfig(rc),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -532,6 +553,7 @@ func TestPostInstallApp(t *testing.T) {
 		// Create simple Linux install controller
 		installController, err := linuxinstall.NewInstallController(
 			linuxinstall.WithReleaseData(releaseData),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -607,6 +629,7 @@ func TestPostInstallApp(t *testing.T) {
 			linuxinstall.WithStateMachine(stateMachine),
 			linuxinstall.WithAppInstallController(appInstallController),
 			linuxinstall.WithReleaseData(releaseData),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -684,6 +707,7 @@ func TestPostInstallApp(t *testing.T) {
 			linuxinstall.WithStateMachine(stateMachine),
 			linuxinstall.WithAppInstallController(appInstallController),
 			linuxinstall.WithReleaseData(releaseData),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 

api/integration/linux/install/apppreflight_test.go

@@ -238,14 +238,17 @@ func TestPostRunAppPreflights(t *testing.T) {
 			linuxinstall.WithReleaseData(&release.ReleaseData{
 				EmbeddedClusterConfig: &ecv1beta1.Config{},
 				ChannelRelease: &release.ChannelRelease{
+					AppSlug: "test-app",
 					DefaultDomains: release.Domains{
-						ReplicatedAppDomain: "replicated.example.com",
-						ProxyRegistryDomain: "some-proxy.example.com",
+						ReplicatedAppDomain:      "replicated.example.com",
+						ProxyRegistryDomain:      "some-proxy.example.com",
+						ReplicatedRegistryDomain: "registry.example.com",
 					},
 				},
 				AppConfig: &kotsv1beta1.Config{},
 			}),
 			linuxinstall.WithRuntimeConfig(rc),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 
@@ -295,8 +298,19 @@ func TestPostRunAppPreflights(t *testing.T) {
 			linuxinstall.WithStateMachine(linuxinstall.NewStateMachine(
 				linuxinstall.WithCurrentState(states.StateNew), // Wrong state
 			)),
-			linuxinstall.WithReleaseData(integration.DefaultReleaseData()),
+			linuxinstall.WithReleaseData(&release.ReleaseData{
+				AppConfig: &kotsv1beta1.Config{},
+				ChannelRelease: &release.ChannelRelease{
+					AppSlug: "test-app",
+					DefaultDomains: release.Domains{
+						ReplicatedAppDomain:      "replicated.example.com",
+						ProxyRegistryDomain:      "some-proxy.example.com",
+						ReplicatedRegistryDomain: "registry.example.com",
+					},
+				},
+			}),
 			linuxinstall.WithRuntimeConfig(rc),
+			linuxinstall.WithLicense(mockLicense()),
 		)
 		require.NoError(t, err)
 

api/internal/handlers/kubernetes/install.go

@@ -97,6 +97,8 @@ func (h *Handler) PostRunAppPreflights(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// TODO: support registry settings
+
 	err = h.installController.RunAppPreflights(r.Context(), appinstall.RunAppPreflightOptions{
 		PreflightBinaryPath: preflightBinary,
 		ProxySpec:           h.cfg.Installation.ProxySpec(),
@@ -300,6 +302,8 @@ func (h *Handler) PostInstallApp(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// TODO: support registry settings
+
 	err := h.installController.InstallApp(r.Context(), appinstall.InstallAppOptions{
 		IgnoreAppPreflights: req.IgnoreAppPreflights,
 		ProxySpec:           h.cfg.Installation.ProxySpec(),

api/internal/managers/app/release/template_test.go

@@ -724,12 +724,12 @@ spec:
 			},
 			configValues: types.AppConfigValues{},
 			registrySettings: &types.RegistrySettings{
-				HasLocalRegistry:     true,
-				Host:                 "10.128.0.11:5000",
-				Address:              "10.128.0.11:5000/myapp",
-				Namespace:            "myapp",
-				ImagePullSecretName:  "embedded-cluster-registry",
-				ImagePullSecretValue: "dGVzdC1zZWNyZXQtdmFsdWU=",
+				HasLocalRegistry:       true,
+				LocalRegistryHost:      "10.128.0.11:5000",
+				LocalRegistryAddress:   "10.128.0.11:5000/myapp",
+				LocalRegistryNamespace: "myapp",
+				ImagePullSecretName:    "test-app-registry",
+				ImagePullSecretValue:   "dGVzdC1zZWNyZXQtdmFsdWU=",
 			},
 			expected: []*kotsv1beta2.HelmChart{
 				createHelmChartCRFromYAML(`
@@ -746,7 +746,7 @@ spec:
     image:
       repository: "10.128.0.11:5000/myapp/nginx"
     imagePullSecrets:
-      - name: "embedded-cluster-registry"
+      - name: "test-app-registry"
     registry:
       host: "10.128.0.11:5000"
       address: "10.128.0.11:5000/myapp"
@@ -2346,12 +2346,12 @@ spec:
 			},
 			configValues: types.AppConfigValues{},
 			registrySettings: &types.RegistrySettings{
-				HasLocalRegistry:     true,
-				Host:                 "10.128.0.11:5000",
-				Address:              "10.128.0.11:5000/myapp",
-				Namespace:            "myapp",
-				ImagePullSecretName:  "embedded-cluster-registry",
-				ImagePullSecretValue: "dGVzdC1zZWNyZXQtdmFsdWU=",
+				HasLocalRegistry:       true,
+				LocalRegistryHost:      "10.128.0.11:5000",
+				LocalRegistryAddress:   "10.128.0.11:5000/myapp",
+				LocalRegistryNamespace: "myapp",
+				ImagePullSecretName:    "test-app-registry",
+				ImagePullSecretValue:   "dGVzdC1zZWNyZXQtdmFsdWU=",
 			},
 			expectError: false,
 			expected: []types.InstallableHelmChart{
@@ -2363,7 +2363,7 @@ spec:
 							"tag":        "1.20.0",
 						},
 						"imagePullSecrets": []any{
-							map[string]any{"name": "embedded-cluster-registry"},
+							map[string]any{"name": "test-app-registry"},
 						},
 						"registry": map[string]any{
 							"host":      "10.128.0.11:5000",
@@ -2386,7 +2386,7 @@ spec:
       repository: "10.128.0.11:5000/myapp/nginx"
       tag: "1.20.0"
     imagePullSecrets:
-      - name: "embedded-cluster-registry"
+      - name: "test-app-registry"
     registry:
       host: "10.128.0.11:5000"
       address: "10.128.0.11:5000/myapp"

api/internal/managers/linux/installation/config.go

@@ -7,13 +7,16 @@ import (
 	"fmt"
 	"runtime/debug"
 
+	"github.com/replicatedhq/embedded-cluster/api/internal/utils"
 	"github.com/replicatedhq/embedded-cluster/api/types"
 	ecv1beta1 "github.com/replicatedhq/embedded-cluster/kinds/apis/v1beta1"
 	newconfig "github.com/replicatedhq/embedded-cluster/pkg-new/config"
 	"github.com/replicatedhq/embedded-cluster/pkg-new/hostutils"
 	"github.com/replicatedhq/embedded-cluster/pkg/addons/registry"
 	"github.com/replicatedhq/embedded-cluster/pkg/netutils"
 	"github.com/replicatedhq/embedded-cluster/pkg/runtimeconfig"
+	kotsv1beta1 "github.com/replicatedhq/kotskinds/apis/kots/v1beta1"
+	kyaml "sigs.k8s.io/yaml"
 )
 
 func (m *installationManager) GetConfig() (types.LinuxInstallationConfig, error) {
@@ -236,11 +239,37 @@ func (m *installationManager) ConfigureHost(ctx context.Context, rc runtimeconfi
 	return nil
 }
 
-// CalculateRegistrySettings calculates registry settings for airgap installations
+// CalculateRegistrySettings calculates registry settings for both online and airgap installations
 func (m *installationManager) CalculateRegistrySettings(ctx context.Context, rc runtimeconfig.RuntimeConfig) (*types.RegistrySettings, error) {
-	// Only return registry settings for airgap installations
 	if m.airgapBundle == "" {
-		return nil, nil
+		// Online mode: Use replicated proxy registry with license ID authentication
+		ecDomains := utils.GetDomains(m.releaseData)
+
+		// Parse license from bytes
+		if len(m.license) == 0 {
+			return nil, fmt.Errorf("license is required for online registry settings")
+		}
+		license := &kotsv1beta1.License{}
+		if err := kyaml.Unmarshal(m.license, license); err != nil {
+			return nil, fmt.Errorf("parse license: %w", err)
+		}
+
+		// Get app slug for secret name
+		if m.releaseData == nil || m.releaseData.ChannelRelease == nil || m.releaseData.ChannelRelease.AppSlug == "" {
+			return nil, fmt.Errorf("release data with app slug is required for registry settings")
+		}
+		appSlug := m.releaseData.ChannelRelease.AppSlug
+
+		// Create auth config for both proxy and registry domains
+		authConfig := fmt.Sprintf(`{"auths":{"%s":{"username": "LICENSE_ID", "password": "%s"},"%s":{"username": "LICENSE_ID", "password": "%s"}}}`,
+			ecDomains.ProxyRegistryDomain, license.Spec.LicenseID, ecDomains.ReplicatedRegistryDomain, license.Spec.LicenseID)
+		imagePullSecretValue := base64.StdEncoding.EncodeToString([]byte(authConfig))
+
+		return &types.RegistrySettings{
+			HasLocalRegistry:     false,
+			ImagePullSecretName:  fmt.Sprintf("%s-registry", appSlug),
+			ImagePullSecretValue: imagePullSecretValue,
+		}, nil
 	}
 
 	// Use runtime config as the authoritative source for service CIDR
@@ -254,27 +283,27 @@ func (m *installationManager) CalculateRegistrySettings(ctx context.Context, rc
 	// Construct registry host with port
 	registryHost := fmt.Sprintf("%s:5000", registryIP)
 
-	// Get app namespace from release data - required for app preflights
+	// Get app slug for secret name
 	if m.releaseData == nil || m.releaseData.ChannelRelease == nil || m.releaseData.ChannelRelease.AppSlug == "" {
 		return nil, fmt.Errorf("release data with app slug is required for registry settings")
 	}
-	appNamespace := m.releaseData.ChannelRelease.AppSlug
+	appSlug := m.releaseData.ChannelRelease.AppSlug
 
 	// Construct full registry address with namespace
+	appNamespace := appSlug // registry namespace is the same as the app slug in linux target
 	registryAddress := fmt.Sprintf("%s/%s", registryHost, appNamespace)
 
 	// Create image pull secret value using the same pattern as admin console
-	authString := base64.StdEncoding.EncodeToString([]byte(fmt.Sprintf("embedded-cluster:%s", registry.GetRegistryPassword())))
-	authConfig := fmt.Sprintf(`{"auths":{"%s":{"username": "embedded-cluster", "password": "%s", "auth": "%s"}}}`,
-		registryHost, registry.GetRegistryPassword(), authString)
+	authConfig := fmt.Sprintf(`{"auths":{"%s":{"username": "embedded-cluster", "password": "%s"}}}`,
+		registryHost, registry.GetRegistryPassword())
 	imagePullSecretValue := base64.StdEncoding.EncodeToString([]byte(authConfig))
 
 	return &types.RegistrySettings{
-		HasLocalRegistry:     true,
-		Host:                 registryHost,
-		Address:              registryAddress,
-		Namespace:            appNamespace,
-		ImagePullSecretName:  "embedded-cluster-registry",
-		ImagePullSecretValue: imagePullSecretValue,
+		HasLocalRegistry:       true,
+		LocalRegistryHost:      registryHost,
+		LocalRegistryAddress:   registryAddress,
+		LocalRegistryNamespace: appNamespace,
+		ImagePullSecretName:    fmt.Sprintf("%s-registry", appSlug),
+		ImagePullSecretValue:   imagePullSecretValue,
 	}, nil
 }