srl-labs · carlmontanari · Dec 17, 2023 · Dec 17, 2023 · Dec 17, 2023
diff --git a/apis/v1alpha1/configspec.go b/apis/v1alpha1/configspec.go
@@ -91,4 +91,14 @@ type ConfigImagePull struct {
 	// +kubebuilder:validation:Enum=containerd
 	// +optional
 	CRIKindOverride string `json:"criKindOverride,omitempty"`
+	// DockerDaemonConfig allows for setting a default docker daemon config for launcher pods
+	// with the specified secret. The secret *must be present in the namespace of any given
+	// topology* -- so if you are configuring this at the "global config" level, ensure that you are
+	// deploying topologies into a specific namespace, or have ensured there is a secret of the
+	// given name in every namespace you wish to deploy a topology to. When set, insecure registries
+	// config option is ignored as it is assumed you are handling that in the given docker config.
+	// Note that the secret *must* contain a key "daemon.json" -- as this secret will be mounted to
+	// /etc/docker and docker will be expecting the config at /etc/docker/daemon.json.
+	// +optional
+	DockerDaemonConfig string `json:"dockerDaemonConfig,omitempty"`
 }
diff --git a/apis/v1alpha1/topologyspec.go b/apis/v1alpha1/topologyspec.go
@@ -187,4 +187,10 @@ type ImagePull struct {
 	// +listType=set
 	// +optional
 	PullSecrets []string `json:"pullSecrets"`
+	// DockerDaemonConfig allows for setting the docker daemon config for all launchers in this
+	// topology. The secret *must be present in the namespace of this topology*. The secret *must*
+	// contain a key "daemon.json" -- as this secret will be mounted to /etc/docker and docker will
+	// be expecting the config at /etc/docker/daemon.json.
+	// +optional
+	DockerDaemonConfig string `json:"dockerDaemonConfig,omitempty"`
 }
diff --git a/assets/crd/clabernetes.containerlab.dev_configs.yaml b/assets/crd/clabernetes.containerlab.dev_configs.yaml
@@ -226,6 +226,20 @@ spec:
                       maybe crio support will be added.
                     pattern: (.*containerd\.sock)
                     type: string
+                  dockerDaemonConfig:
+                    description: DockerDaemonConfig allows for setting a default docker
+                      daemon config for launcher pods with the specified secret. The
+                      secret *must be present in the namespace of any given topology*
+                      -- so if you are configuring this at the "global config" level,
+                      ensure that you are deploying topologies into a specific namespace,
+                      or have ensured there is a secret of the given name in every
+                      namespace you wish to deploy a topology to. When set, insecure
+                      registries config option is ignored as it is assumed you are
+                      handling that in the given docker config. Note that the secret
+                      *must* contain a key "daemon.json" -- as this secret will be
+                      mounted to /etc/docker and docker will be expecting the config
+                      at /etc/docker/daemon.json.
+                    type: string
                   pullThroughOverride:
                     description: PullThroughOverride allows for overriding the image
                       pull through mode for this particular topology.

diff --git a/assets/crd/clabernetes.containerlab.dev_topologies.yaml b/assets/crd/clabernetes.containerlab.dev_topologies.yaml
@@ -294,6 +294,14 @@ spec:
                 description: ImagePull holds configurations relevant to how clabernetes
                   launcher pods handle pulling images.
                 properties:
+                  dockerDaemonConfig:
+                    description: DockerDaemonConfig allows for setting the docker
+                      daemon config for all launchers in this topology. The secret
+                      *must be present in the namespace of this topology*. The secret
+                      *must* contain a key "daemon.json" -- as this secret will be
+                      mounted to /etc/docker and docker will be expecting the config
+                      at /etc/docker/daemon.json.
+                    type: string
                   insecureRegistries:
                     description: InsecureRegistries is a slice of strings of insecure
                       registries to configure in the launcher pods.

diff --git a/charts/clabernetes/crds/clabernetes.containerlab.dev_configs.yaml b/charts/clabernetes/crds/clabernetes.containerlab.dev_configs.yaml
@@ -226,6 +226,20 @@ spec:
                       maybe crio support will be added.
                     pattern: (.*containerd\.sock)
                     type: string
+                  dockerDaemonConfig:
+                    description: DockerDaemonConfig allows for setting a default docker
+                      daemon config for launcher pods with the specified secret. The
+                      secret *must be present in the namespace of any given topology*
+                      -- so if you are configuring this at the "global config" level,
+                      ensure that you are deploying topologies into a specific namespace,
+                      or have ensured there is a secret of the given name in every
+                      namespace you wish to deploy a topology to. When set, insecure
+                      registries config option is ignored as it is assumed you are
+                      handling that in the given docker config. Note that the secret
+                      *must* contain a key "daemon.json" -- as this secret will be
+                      mounted to /etc/docker and docker will be expecting the config
+                      at /etc/docker/daemon.json.
+                    type: string
                   pullThroughOverride:
                     description: PullThroughOverride allows for overriding the image
                       pull through mode for this particular topology.

diff --git a/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml b/charts/clabernetes/crds/clabernetes.containerlab.dev_topologies.yaml
@@ -294,6 +294,14 @@ spec:
                 description: ImagePull holds configurations relevant to how clabernetes
                   launcher pods handle pulling images.
                 properties:
+                  dockerDaemonConfig:
+                    description: DockerDaemonConfig allows for setting the docker
+                      daemon config for all launchers in this topology. The secret
+                      *must be present in the namespace of this topology*. The secret
+                      *must* contain a key "daemon.json" -- as this secret will be
+                      mounted to /etc/docker and docker will be expecting the config
+                      at /etc/docker/daemon.json.
+                    type: string
                   insecureRegistries:
                     description: InsecureRegistries is a slice of strings of insecure
                       registries to configure in the launcher pods.

diff --git a/config/fake.go b/config/fake.go
@@ -66,6 +66,10 @@ func (f fakeManager) GetImagePullCriKindOverride() string {
 	return ""
 }
 
+func (f fakeManager) GetDockerDaemonConfig() string {
+	return ""
+}
+
 func (f fakeManager) GetLauncherImagePullPolicy() string {
 	return clabernetesconstants.KubernetesImagePullIfNotPresent
 }

diff --git a/config/get.go b/config/get.go
@@ -106,6 +106,13 @@ func (m *manager) GetImagePullCriKindOverride() string {
 	return m.config.ImagePull.CRIKindOverride
 }
 
+func (m *manager) GetDockerDaemonConfig() string {
+	m.lock.RLock()
+	defer m.lock.RUnlock()
+
+	return m.config.ImagePull.DockerDaemonConfig
+}
+
 func (m *manager) GetLauncherImage() string {
 	m.lock.RLock()
 	defer m.lock.RUnlock()

diff --git a/config/manager.go b/config/manager.go
@@ -130,6 +130,8 @@ type Manager interface {
 	GetImagePullCriSockOverride() string
 	// GetImagePullCriKindOverride returns the cri kind override.
 	GetImagePullCriKindOverride() string
+	// GetDockerDaemonConfig returns the secret name to mount in /etc/docker.
+	GetDockerDaemonConfig() string
 	// GetLauncherImage returns the global default launcher image.
 	GetLauncherImage() string
 	// GetLauncherImagePullPolicy returns the global default launcher image pull policy.

diff --git a/controllers/topology/deployment.go b/controllers/topology/deployment.go
@@ -216,6 +216,37 @@ func (r *DeploymentReconciler) renderDeploymentVolumes(
 		)
 	}
 
+	dockerDaemonConfigSecret := owningTopology.Spec.ImagePull.DockerDaemonConfig
+	if dockerDaemonConfigSecret == "" {
+		dockerDaemonConfigSecret = r.configManagerGetter().GetDockerDaemonConfig()
+	}
+
+	if dockerDaemonConfigSecret != "" {
+		volumes = append(
+			volumes,
+			k8scorev1.Volume{
+				Name: "docker-daemon-config",
+				VolumeSource: k8scorev1.VolumeSource{
+					Secret: &k8scorev1.SecretVolumeSource{
+						SecretName: dockerDaemonConfigSecret,
+						DefaultMode: clabernetesutil.ToPointer(
+							int32(clabernetesconstants.PermissionsEveryoneRead),
+						),
+					},
+				},
+			},
+		)
+
+		volumeMountsFromCommonSpec = append(
+			volumeMountsFromCommonSpec,
+			k8scorev1.VolumeMount{
+				Name:      "docker-daemon-config",
+				ReadOnly:  true,
+				MountPath: "/etc/docker",
+			},
+		)
+	}
+
 	volumesFromConfigMaps := make([]clabernetesapisv1alpha1.FileFromConfigMap, 0)
 
 	volumesFromConfigMaps = append(

diff --git a/controllers/topology/deployment_test.go b/controllers/topology/deployment_test.go
@@ -433,6 +433,66 @@ func TestRenderDeployment(t *testing.T) {
 			},
 			nodeName: "srl1",
 		},
+		{
+			name: "docker-daemon",
+			owningTopology: &clabernetesapisv1alpha1.Topology{
+				ObjectMeta: metav1.ObjectMeta{
+					Name:      "render-deployment-test",
+					Namespace: "clabernetes",
+				},
+				Spec: clabernetesapisv1alpha1.TopologySpec{
+					ImagePull: clabernetesapisv1alpha1.ImagePull{
+						DockerDaemonConfig: "sneakydockerdaemonconfig",
+					},
+					Definition: clabernetesapisv1alpha1.Definition{
+						Containerlab: `---
+		   name: test
+		   topology:
+		     nodes:
+		       srl1:
+		         kind: srl
+		         image: ghcr.io/nokia/srlinux
+		`,
+					},
+				},
+			},
+			clabernetesConfigs: map[string]*clabernetesutilcontainerlab.Config{
+				"srl1": {
+					Name:   "srl1",
+					Prefix: clabernetesutil.ToPointer(""),
+					Topology: &clabernetesutilcontainerlab.Topology{
+						Defaults: &clabernetesutilcontainerlab.NodeDefinition{
+							Ports: []string{
+								"21022:22/tcp",
+								"21023:23/tcp",
+								"21161:161/udp",
+								"33333:57400/tcp",
+								"60000:21/tcp",
+								"60001:80/tcp",
+								"60002:443/tcp",
+								"60003:830/tcp",
+								"60004:5000/tcp",
+								"60005:5900/tcp",
+								"60006:6030/tcp",
+								"60007:9339/tcp",
+								"60008:9340/tcp",
+								"60009:9559/tcp",
+							},
+						},
+						Kinds: nil,
+						Nodes: map[string]*clabernetesutilcontainerlab.NodeDefinition{
+							"srl1": {
+								Kind:  "srl",
+								Image: "ghcr.io/nokia/srlinux",
+							},
+						},
+						Links: nil,
+					},
+					Debug: false,
+				},
+			},
+			nodeName: "srl1",
+		},
 	}
 
 	for _, testCase := range cases {