From 9d2f52a4030e3685d23163c8d43c5b409f4a99a0 Mon Sep 17 00:00:00 2001 From: Gaelle Fournier Date: Fri, 5 Jan 2024 16:57:40 +0100 Subject: [PATCH] fix(core): Fix docker hub registry configuration * change default secret generation from CLI for Jib compatibility * update documentation with configuration for docker hub registry --- .../installation/registry/dockerhub.adoc | 8 ++++-- pkg/util/registry/registry.go | 28 +++++++++++-------- pkg/util/registry/registry_test.go | 3 +- 3 files changed, 24 insertions(+), 15 deletions(-) diff --git a/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc b/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc index 3b68c51d81..79f1d40e94 100644 --- a/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc +++ b/docs/modules/ROOT/pages/installation/registry/dockerhub.adoc @@ -13,8 +13,9 @@ kamel install --registry docker.io --organization your-user-id-or-org --registry The `--registry-auth-username` and `--registry-auth-password` flags are used by the `kamel` CLI to create a Kubernetes secret that holds your credentials for authenticating against the Docker registry. -In the general case, the `--registry-auth-server` should be used, but it can be omitted for Docker Hub because it's -automatically set to `https://index.docker.io/v1/`. +In the general case, the `--registry-auth-server` should be used ad it's automatically set to `https://index.docker.io/v1/`. Depending on the xref:installation/registry/registry.adoc[publish strategy] you are using you will need to adapt you credentials with the `--registry-auth-server` flag. **Spectrum** expect `https://index.docker.io/v1/` while **Jib** expect `docker.io`. + +NOTE: **Jib** works with Docker Hub in API v2 out of the box while **Spectrum** needs some adaptations for it to work. == Alternative Methods @@ -26,6 +27,7 @@ Or you can also decide to create it using `kubectl`, with the following command: kubectl create secret docker-registry your-secret-name --docker-username your-user --docker-password your-pass ---- + Another possibility is to upload to the cluster your entire list of push/pull secrets: [source,bash] @@ -42,3 +44,5 @@ After you've created the secret, you can link it to Camel K during installation: ---- kamel install --registry docker.io --organization your-user-id-or-org --registry-secret your-secret-name ---- + +As with the default method, this depends on the xref:installation/registry/registry.adoc[publish strategy] you are using. So make sure any credential contains the valid authentication servers: `https://index.docker.io/v1/` for **Spectrum** and `docker.io` for **Jib**. \ No newline at end of file diff --git a/pkg/util/registry/registry.go b/pkg/util/registry/registry.go index e2c118e167..623110d70f 100644 --- a/pkg/util/registry/registry.go +++ b/pkg/util/registry/registry.go @@ -25,6 +25,7 @@ import ( "fmt" "os" "path/filepath" + "strings" "github.com/apache/camel-k/v2/pkg/client" "go.uber.org/multierr" @@ -32,7 +33,7 @@ import ( ) var knownServersByRegistry = map[string]string{ - "docker.io": "https://index.docker.io/v1/", + "docker.io": "https://index.docker.io/v1/,docker.io", } // Auth contains basic information for authenticating against a container registry. @@ -64,7 +65,8 @@ func (a Auth) IsSet() bool { // validate checks if all fields are populated correctly. func (a Auth) validate() error { - if a.getActualServer() == "" || a.Username == "" { + actualSevers := a.getActualServers() + if len(actualSevers) < 1 || a.Username == "" { return errors.New("not enough information to generate a registry authentication file") } @@ -82,24 +84,26 @@ func (a Auth) GenerateDockerConfig() ([]byte, error) { } func (a Auth) generateDockerConfigObject() DockerConfigList { - return DockerConfigList{ - map[string]DockerConfig{ - a.getActualServer(): { - Auth: a.encodedCredentials(), - }, - }, + dockerConfigs := make(map[string]DockerConfig) + for _, server := range a.getActualServers() { + dockerConfigs[server] = DockerConfig{Auth: a.encodedCredentials()} } + return DockerConfigList{Auths: dockerConfigs} } -func (a Auth) getActualServer() string { +func (a Auth) getActualServers() []string { if a.Server != "" { - return a.Server + return []string{a.Server} } if p, ok := knownServersByRegistry[a.Registry]; ok { - return p + return strings.Split(p, ",") } - return a.Registry + if a.Registry != "" { + return []string{a.Registry} + } + + return nil } func (a Auth) encodedCredentials() string { diff --git a/pkg/util/registry/registry_test.go b/pkg/util/registry/registry_test.go index 948f2fa207..a9cb29dbbe 100644 --- a/pkg/util/registry/registry_test.go +++ b/pkg/util/registry/registry_test.go @@ -36,7 +36,8 @@ func TestAuth_GenerateDockerConfig(t *testing.T) { } conf, err := a.GenerateDockerConfig() assert.Nil(t, err) - assert.Equal(t, `{"auths":{"https://index.docker.io/v1/":{"auth":"bmljOg=="}}}`, string(conf)) + assert.Contains(t, string(conf), `"https://index.docker.io/v1/":{"auth":"bmljOg=="}`) + assert.Contains(t, string(conf), `"docker.io":{"auth":"bmljOg=="}`) a = Auth{ Username: "nic",