copy pull secret file into the VM

anjannath · anjannath · commit 607c11f7ca7b · 2025-01-15T12:51:06.000+05:30
this removes code adding the pull-secret to the
cluster using `oc`, instead it copies the  pull
secret file to /opt/crc/crc-pullsecret which is
then used by a systemd service in the bundle to
add the pull secret to the cluster for both the
openshift and microshift presets
diff --git a/pkg/crc/cluster/cluster.go b/pkg/crc/cluster/cluster.go
@@ -3,7 +3,6 @@ package cluster
 import (
 	"context"
 	"crypto/x509"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"math"
@@ -180,40 +179,6 @@ func EnsureSSHKeyPresentInTheCluster(ctx context.Context, ocConfig oc.Config, ss
 	return nil
 }
 
-func EnsurePullSecretPresentInTheCluster(ctx context.Context, ocConfig oc.Config, pullSec PullSecretLoader) error {
-	if err := WaitForOpenshiftResource(ctx, ocConfig, "secret"); err != nil {
-		return err
-	}
-
-	stdout, stderr, err := ocConfig.RunOcCommandPrivate("get", "secret", "pull-secret", "-n", "openshift-config", "-o", `jsonpath="{['data']['\.dockerconfigjson']}"`)
-	if err != nil {
-		return fmt.Errorf("Failed to get pull secret %v: %s", err, stderr)
-	}
-	decoded, err := base64.StdEncoding.DecodeString(stdout)
-	if err != nil {
-		return err
-	}
-	if err := validation.ImagePullSecret(string(decoded)); err == nil {
-		return nil
-	}
-
-	logging.Info("Adding user's pull secret to the cluster...")
-	content, err := pullSec.Value()
-	if err != nil {
-		return err
-	}
-	base64OfPullSec := base64.StdEncoding.EncodeToString([]byte(content))
-	cmdArgs := []string{"patch", "secret", "pull-secret", "-p",
-		fmt.Sprintf(`'{"data":{".dockerconfigjson":"%s"}}'`, base64OfPullSec),
-		"-n", "openshift-config", "--type", "merge"}
-
-	_, stderr, err = ocConfig.RunOcCommandPrivate(cmdArgs...)
-	if err != nil {
-		return fmt.Errorf("Failed to add Pull secret %v: %s", err, stderr)
-	}
-	return nil
-}
-
 func EnsureGeneratedClientCAPresentInTheCluster(ctx context.Context, ocConfig oc.Config, sshRunner *ssh.Runner, selfSignedCACert *x509.Certificate, adminCert string) error {
 	selfSignedCAPem := crctls.CertToPem(selfSignedCACert)
 	if err := WaitForOpenshiftResource(ctx, ocConfig, "configmaps"); err != nil {
diff --git a/pkg/crc/machine/start.go b/pkg/crc/machine/start.go
@@ -521,6 +521,15 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 		return nil, errors.Wrap(err, "Failed to check certificate validity")
 	}
 
+	// copy the pull secret into /opt/crc/pull-secret in the instance
+	pullSecret, err := startConfig.PullSecret.Value()
+	if err != nil {
+		return nil, err
+	}
+	if err := sshRunner.CopyDataPrivileged([]byte(pullSecret), "/opt/crc/pull-secret", 0600); err != nil {
+		return nil, errors.Wrap(err, "Unable to send pull-secret to instance")
+	}
+
 	logging.Info("Starting kubelet service")
 	sd := systemd.NewInstanceSystemdCommander(sshRunner)
 	if err := sd.Start("kubelet"); err != nil {
@@ -546,10 +555,6 @@ func (client *client) Start(ctx context.Context, startConfig types.StartConfig)
 		return nil, err
 	}
 
-	if err := cluster.EnsurePullSecretPresentInTheCluster(ctx, ocConfig, startConfig.PullSecret); err != nil {
-		return nil, errors.Wrap(err, "Failed to update cluster pull secret")
-	}
-
 	if err := cluster.EnsureSSHKeyPresentInTheCluster(ctx, ocConfig, constants.GetPublicKeyPath()); err != nil {
 		return nil, errors.Wrap(err, "Failed to update ssh public key to machine config")
 	}
