fix(core): Fix docker hub registry configuration

* change default secret generation from CLI for Jib compatibility * update documentation with configuration for docker hub registry
apache · Jan 11, 2024 · 9d2f52a · 9d2f52a
1 parent 0b0eb35
commit 9d2f52a
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 15 deletions.
diff --git a/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc b/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc
@@ -13,8 +13,9 @@ kamel install --registry docker.io --organization your-user-id-or-org --registry
 The `--registry-auth-username` and `--registry-auth-password` flags are used by the `kamel` CLI to create a Kubernetes secret
 that holds your credentials for authenticating against the Docker registry.
 
-In the general case, the `--registry-auth-server` should be used, but it can be omitted for Docker Hub because it's
-automatically set to `https://index.docker.io/v1/`.
+In the general case, the `--registry-auth-server` should be used ad it's automatically set to `https://index.docker.io/v1/`. Depending on the xref:installation/registry/registry.adoc[publish strategy] you are using you will need to adapt you credentials with the `--registry-auth-server` flag. **Spectrum** expect `https://index.docker.io/v1/` while **Jib** expect `docker.io`.
+
+NOTE: **Jib** works with Docker Hub in API v2 out of the box while **Spectrum** needs some adaptations for it to work.
 
 == Alternative Methods
 
@@ -26,6 +27,7 @@ Or you can also decide to create it using `kubectl`, with the following command:
 kubectl create secret docker-registry your-secret-name --docker-username your-user --docker-password your-pass
 ----
 
+
 Another possibility is to upload to the cluster your entire list of push/pull secrets:
 
 [source,bash]
@@ -42,3 +44,5 @@ After you've created the secret, you can link it to Camel K during installation:
 ----
 kamel install --registry docker.io --organization your-user-id-or-org --registry-secret your-secret-name
 ----
+
+As with the default method, this depends on the xref:installation/registry/registry.adoc[publish strategy] you are using. So make sure any credential contains the valid authentication servers: `https://index.docker.io/v1/` for **Spectrum** and `docker.io` for **Jib**.
diff --git a/pkg/util/registry/registry.go b/pkg/util/registry/registry.go
@@ -25,14 +25,15 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strings"
 
 	"github.com/apache/camel-k/v2/pkg/client"
 	"go.uber.org/multierr"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 var knownServersByRegistry = map[string]string{
-	"docker.io": "https://index.docker.io/v1/",
+	"docker.io": "https://index.docker.io/v1/,docker.io",
 }
 
 // Auth contains basic information for authenticating against a container registry.
@@ -64,7 +65,8 @@ func (a Auth) IsSet() bool {
 
 // validate checks if all fields are populated correctly.
 func (a Auth) validate() error {
-	if a.getActualServer() == "" || a.Username == "" {
+	actualSevers := a.getActualServers()
+	if len(actualSevers) < 1 || a.Username == "" {
 		return errors.New("not enough information to generate a registry authentication file")
 	}
 
@@ -82,24 +84,26 @@ func (a Auth) GenerateDockerConfig() ([]byte, error) {
 }
 
 func (a Auth) generateDockerConfigObject() DockerConfigList {
-	return DockerConfigList{
-		map[string]DockerConfig{
-			a.getActualServer(): {
-				Auth: a.encodedCredentials(),
-			},
-		},
+	dockerConfigs := make(map[string]DockerConfig)
+	for _, server := range a.getActualServers() {
+		dockerConfigs[server] = DockerConfig{Auth: a.encodedCredentials()}
 	}
+	return DockerConfigList{Auths: dockerConfigs}
 }
 
-func (a Auth) getActualServer() string {
+func (a Auth) getActualServers() []string {
 	if a.Server != "" {
-		return a.Server
+		return []string{a.Server}
 	}
 	if p, ok := knownServersByRegistry[a.Registry]; ok {
-		return p
+		return strings.Split(p, ",")
 	}
 
-	return a.Registry
+	if a.Registry != "" {
+		return []string{a.Registry}
+	}
+
+	return nil
 }
 
 func (a Auth) encodedCredentials() string {

diff --git a/pkg/util/registry/registry_test.go b/pkg/util/registry/registry_test.go
@@ -36,7 +36,8 @@ func TestAuth_GenerateDockerConfig(t *testing.T) {
 	}
 	conf, err := a.GenerateDockerConfig()
 	assert.Nil(t, err)
-	assert.Equal(t, `{"auths":{"https://index.docker.io/v1/":{"auth":"bmljOg=="}}}`, string(conf))
+	assert.Contains(t, string(conf), `"https://index.docker.io/v1/":{"auth":"bmljOg=="}`)
+	assert.Contains(t, string(conf), `"docker.io":{"auth":"bmljOg=="}`)
 
 	a = Auth{
 		Username: "nic",