Merge branch 'ingress-pull-secret-credentials' into 'main'

robertpatrick · robertpatrick · commit 0c47205b65e8 · 2025-12-11T22:57:06.000Z
Ingress pull secret credentials

See merge request weblogic-cloud/weblogic-toolkit-ui!446
diff --git a/electron/app/locales/en/webui.json b/electron/app/locales/en/webui.json
@@ -912,17 +912,16 @@
   "ingress-design-nginx-allow-passthrough-help": "Enable this allows creating SSL pass through ingress transport to the target service.",
   "ingress-design-specify-docker-registry-secret-label": "Use Docker Hub Secret",
   "ingress-design-specify-docker-registry-secret-help": "Whether to use a Docker Hub credential secret to pull the ingress controller image.  This is helpful if you encounter a Docker Hub pull limit exceeded error.",
-  "ingress-design-ingress-docker-reg-secret-name": "Docker Registry Secret Name",
+  "ingress-design-ingress-docker-reg-secret-name": "Docker Hub Registry Secret Name",
   "ingress-design-ingress-docker-reg-secret-name-help": "The Kubernetes secret name to use when pulling images from Docker Hub. Note that the secret must exist in the same namespace as the ingress controller.",
   "ingress-design-create-docker-registry-secret-label": "Create Docker Hub Secret",
   "ingress-design-create-docker-registry-secret-help": "Whether to create a new Docker Hub credential secret or use an existing secret.",
-  "ingress-design-ingress-docker-reg-secret-userid": "Docker Hub Username",
-  "ingress-design-ingress-docker-reg-secret-userid-help": "The user name used to log in to Docker Hub.",
-  "ingress-design-ingress-docker-reg-secret-userpwd": "Docker Hub User Password",
-  "ingress-design-ingress-docker-reg-secret-userpwd-help": "The password used to log in to Docker Hub.",
-  "ingress-design-ingress-docker-reg-secret-useremail": "Docker Hub Email Address",
-  "ingress-design-ingress-docker-reg-secret-useremail-help": "The email address of the user logging in to Docker Hub.",
+  "ingress-design-ingress-image-registry-pull-credentials-label": "Docker Hub Image Registry Pull Credentials",
+  "ingress-design-ingress-image-registry-pull-credentials-help": "The Image Registry Credential to use to log in to Docker Hub.",
+  "ingress-design-image-registry-add-credentials": "Add Image Registry Credentials",
   "ingress-design-route-get-services-title": "Getting services for namespace {{namespace}}",
+  "ingress-design-image-registry-pull-credentials-label": "Docker Hub Image Registry Pull Credentials",
+  "ingress-design-image-registry-pull-credentials-help": "The image registry credentials to use to pull the ingress controller image from Docker Hub",
 
   "ingress-design-ingress-routes-title": "Ingress Routes Configuration",
   "ingress-design-ingress-route-virtualhost-label": "Virtual Host",
@@ -1019,6 +1018,7 @@
   "ingress-installer-install-failed-title": "Ingress Controller Installation Failed",
   "ingress-installer-install-failed-error-message":"Installing ingress controller {{name}} to Kubernetes namespace {{namespace}} failed: {{error}}.",
   "ingress-installer-install-catch-all-error-message": "Ingress Controller installation failed with an unexpected error: {{error}}.",
+  "ingress-installer-create-image-pull-secret-error-message": "Unable to install ingress controller in Kubernetes due to an error creating the image pull secret {{secretName}} in the Kubernetes namespace {{namespace}}: {{error}}",
 
   "ingress-uninstaller-aborted-error-title": "Ingress Controller Uninstall Aborted",
   "ingress-uninstaller-not-install-message": "The Install Ingress Controller option is off so there is nothing to do.",
diff --git a/webui/src/js/models/ingress-definition.js b/webui/src/js/models/ingress-definition.js
@@ -31,10 +31,7 @@ define(['knockout', 'utils/observable-properties', 'utils/validation-helper'],
         this.dockerRegSecretName = props.createProperty('dockerhub');
         this.dockerRegSecretName.addValidator(...validationHelper.getK8sNameValidators());
 
-        this.dockerRegSecretUserId = props.createProperty('').asCredential();
-        this.dockerRegSecretUserPwd = props.createProperty('').asCredential();
-        this.dockerRegSecretUserEmail = props.createProperty('');
-        this.dockerRegSecretUserEmail.addValidator(...validationHelper.getEmailAddressValidators());
+        this.dockerRegImageCredentialReference = props.createProperty('');
 
         this.createDockerRegSecret = props.createProperty(false);
         this.specifyDockerRegSecret = props.createProperty(false);
diff --git a/webui/src/js/models/wkt-project.js b/webui/src/js/models/wkt-project.js
@@ -256,6 +256,14 @@ function (ko, wdtConstructor, imageConstructor, kubectlConstructor, domainConstr
           'auxImageRegistryPullCredentialsReference', 'auxImageTag',
           'image', 'auxImageRegistryPullEmail');
       }
+      if ('ingress' in wktProjectJson) {
+        // This use case is using the default traefik image from Docker Hub so no need for an address...
+        //
+        this._processNewPayloadEntry(containerImageRegistriesCredentials, wktProjectJson, 'ingress',
+          'dockerRegSecretUserId', 'dockerRegSecretUserPwd',
+          'dockerRegImageCredentialReference', undefined, undefined,
+          'dockerRegSecretUserEmail');
+      }
 
       // If there are any new entries, add the section to the project settings JSON.
       if (Object.keys(containerImageRegistriesCredentials).length > 0) {
@@ -265,6 +273,21 @@ function (ko, wdtConstructor, imageConstructor, kubectlConstructor, domainConstr
         wktProjectJson['settings']['containerImageRegistriesCredentials'] = containerImageRegistriesCredentials;
       }
 
+      // delete old email address fields for pull secrets
+      //
+      if ('k8sDomain' in wktProjectJson) {
+        if ('imageRegistryPullEmail' in wktProjectJson['k8sDomain']) {
+          delete wktProjectJson['k8sDomain']['imageRegistryPullEmail'];
+        }
+        if ('auxImageRegistryPullEmail' in wktProjectJson['k8sDomain']) {
+          delete wktProjectJson['k8sDomain']['auxImageRegistryPullEmail'];
+        }
+      }
+      if ('ingress' in wktProjectJson) {
+        if ('dockerRegSecretUserEmail' in wktProjectJson['ingress']) {
+          delete wktProjectJson['ingress']['dockerRegSecretUserEmail'];
+        }
+      }
 
       // Now, update the credentialPaths array to remove references to the old fields.
       // The new fields will be added during save...
@@ -313,6 +336,11 @@ function (ko, wdtConstructor, imageConstructor, kubectlConstructor, domainConstr
               case 'k8sDomain.auxImageRegistryPullPassword':
                 pathsToDelete.push('k8sDomain.auxImageRegistryPullPassword');
                 break;
+              case 'ingress.dockerRegSecretUserId':
+                pathsToDelete.push('ingress.dockerRegSecretUserId');
+                break;
+              case 'ingress.dockerRegSecretUserPwd':
+                pathsToDelete.push('ingress.dockerRegSecretUserPwd');
             }
           }
           if (pathsToDelete.length > 0) {
diff --git a/webui/src/js/utils/ingress-controller-installer.js b/webui/src/js/utils/ingress-controller-installer.js
@@ -136,11 +136,13 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, dialogHelper,
           if (ingressControllerProvider === 'traefik' || ingressControllerProvider === 'voyager' ) {
             // create image pull secret for pulling Traefik or Voyager images.
             if (this.project.ingress.createDockerRegSecret.value === true && secretName) {
+              const credentials =
+                this.getImageRegistryCredential(this.project.ingress.dockerRegImageCredentialReference.value);
               const secretData = {
-                server: 'docker.io',
-                username: this.project.ingress.dockerRegSecretUserId.value,
-                email: this.project.ingress.dockerRegSecretUserEmail.value,
-                password: this.project.ingress.dockerRegSecretUserPwd.value
+                server: credentials.address || 'docker.io',
+                username: credentials.username,
+                email: credentials.email,
+                password: credentials.password
               };
               const secretStatus = await this.createPullSecret(kubectlExe, kubectlOptions, ingressControllerNamespace,
                 secretName, secretData, errTitle, errPrefix);
@@ -218,12 +220,22 @@ function(IngressActionsBase, project, wktConsole, k8sHelper, i18n, dialogHelper,
               this.project.ingress.dockerRegSecretName.validate(true), ingressFormConfig);
 
             if (this.project.ingress.createDockerRegSecret.value === true) {
-              validationObject.addField('ingress-design-ingress-docker-reg-secret-useremail',
-                this.project.ingress.dockerRegSecretUserEmail.validate(true), ingressFormConfig);
-              validationObject.addField('ingress-design-ingress-docker-reg-secret-userid',
-                validationHelper.validateRequiredField(this.project.ingress.dockerRegSecretUserId.value), ingressFormConfig);
-              validationObject.addField('ingress-design-ingress-docker-reg-secret-userpwd',
-                validationHelper.validateRequiredField(this.project.ingress.dockerRegSecretUserPwd.value), ingressFormConfig);
+              validationObject.addField('ingress-design-image-registry-pull-credentials-label',
+                validationHelper.validateRequiredField(this.project.ingress.dockerRegImageCredentialReference.value),
+                ingressFormConfig);
+
+              const credentials =
+                this.getImageRegistryCredential(this.project.ingress.dockerRegImageCredentialReference.value);
+              if (credentials) {
+                const projectSettingsFormConfig = validationObject.getDefaultConfigObject();
+                projectSettingsFormConfig.formName = 'project-settings-form-name';
+                validationObject.addField('project-settings-container-image-registries-credentials-email-heading',
+                  validationHelper.validateRequiredField(credentials.email), projectSettingsFormConfig);
+                validationObject.addField('project-settings-container-image-registries-credentials-username-heading',
+                  validationHelper.validateRequiredField(credentials.username), projectSettingsFormConfig);
+                validationObject.addField('project-settings-container-image-registries-credentials-password-heading',
+                  validationHelper.validateRequiredField(credentials.password), projectSettingsFormConfig);
+              }
             }
           }
         }
diff --git a/webui/src/js/utils/ingress-install-script-generator.js b/webui/src/js/utils/ingress-install-script-generator.js
@@ -59,7 +59,11 @@ define(['models/wkt-project', 'utils/script-generator-base', 'utils/helm-helper'
         this.adapter.addVariableDefinition('DOCKER_HUB_SECRET_NAME', this.project.ingress.dockerRegSecretName.value);
         this.adapter.addVariableDefinition('DOCKER_HUB_USER', this.credentialMask);
         this.adapter.addVariableDefinition('DOCKER_HUB_PASS', this.credentialMask);
-        this.adapter.addVariableDefinition('DOCKER_HUB_EMAIL', this.project.ingress.dockerRegSecretUserEmail.value);
+        const dockerRegImageCredentialReference =
+          this.getImageRegistryCredential(this.project.ingress.dockerRegImageCredentialReference.value);
+        const email =
+          !!dockerRegImageCredentialReference ? (dockerRegImageCredentialReference.email || '') : '';
+        this.adapter.addVariableDefinition('DOCKER_HUB_EMAIL', email);
         this.adapter.addEmptyLine();
 
         comment = [ 'If not using an external load balancer, the ingress controller service type to use (e.g., NodePort)' ];
diff --git a/webui/src/js/viewModels/ingress-design-view-impl.js b/webui/src/js/viewModels/ingress-design-view-impl.js
@@ -34,6 +34,10 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
       return i18n.t(key);
     };
 
+    this.imageLabelMapper = (labelId, payload) => {
+      return i18n.t(`image-design-${labelId}`, payload);
+    };
+
     this.anyLabelMapper = (labelId, arg) => {
       return i18n.t(labelId, arg);
     };
@@ -64,6 +68,12 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
       return project.ingress.specifyDockerRegSecret.value && project.ingress.createDockerRegSecret.value;
     };
 
+    this.imageRegistriesCredentialsDP = new BufferingDataProvider(new ArrayDataProvider(
+      this.project.settings.containerImageRegistriesCredentials.observable, { keyAttributes: 'uid' }));
+    this.getImageRegistriesCredentialsItemText = (itemContext) => {
+      return itemContext.data.name;
+    };
+
     this.voyagerProviders = [
       {key: 'OKE', label: this.anyLabelMapper('kubectl-list-okeTitle')},
       {key: 'AKS', label: this.anyLabelMapper('kubectl-list-aksTitle')},
@@ -263,6 +273,10 @@ function(i18n, accUtils, ko, ArrayDataProvider, BufferingDataProvider, project,
     this.getEnabledText = (value) => {
       return this.anyLabelMapper(value ? 'dialog-button-yes' : 'dialog-button-no');
     };
+
+    this.editImageRegistryCredentials = () => {
+      dialogHelper.openDialog('registry-credentials-dialog', {});
+    };
   }
 
   /*
diff --git a/webui/src/js/views/ingress-design-view.html b/webui/src/js/views/ingress-design-view.html
@@ -82,26 +82,17 @@ <h6 class="wkt-subheading">
           </oj-bind-if>
           <div>
             <oj-bind-if test="[[createDockerHubSecret() === true]]">
-              <oj-input-text label-hint="[[labelMapper('ingress-docker-reg-secret-useremail')]]"
-                             value="{{project.ingress.dockerRegSecretUserEmail.observable}}"
-                             help.instruction="[[labelMapper('ingress-docker-reg-secret-useremail-help')]]">
-              </oj-input-text>
-            </oj-bind-if>
-
-            <oj-bind-if test="[[createDockerHubSecret() === true]]">
-              <oj-input-password label-hint="[[labelMapper('ingress-docker-reg-secret-userid')]]"
-                                 value="{{project.ingress.dockerRegSecretUserId.observable}}"
-                                 mask-icon="visible"
-                                 help.instruction="[[labelMapper('ingress-docker-reg-secret-userid-help')]]">
-              </oj-input-password>
-            </oj-bind-if>
-
-            <oj-bind-if test="[[createDockerHubSecret() === true]]">
-              <oj-input-password label-hint="[[labelMapper('ingress-docker-reg-secret-userpwd')]]"
-                                 value="{{project.ingress.dockerRegSecretUserPwd.observable}}"
-                                 mask-icon="visible"
-                                 help.instruction="[[labelMapper('ingress-docker-reg-secret-userpwd-help')]]">
-              </oj-input-password>
+              <oj-select-single label-hint="[[labelMapper('image-registry-pull-credentials-label')]]"
+                                value="{{project.ingress.dockerRegImageCredentialReference.observable}}"
+                                data="[[imageRegistriesCredentialsDP]]"
+                                item-text="[[getImageRegistriesCredentialsItemText]]"
+                                help.instruction="[[labelMapper('image-registry-pull-credentials-help')]]">
+              </oj-select-single>
+              <oj-button class="wkt-button-below"
+                         label="[[imageLabelMapper('image-registry-add-credentials')]]"
+                         chroming="callToAction"
+                         on-oj-action="[[editImageRegistryCredentials]]">
+              </oj-button>
             </oj-bind-if>
           </div>
         </oj-form-layout>
