Skip to content

auth/gcp: add support for sovereign cloud artifact registry#1201

Merged
matheuscscp merged 1 commit into
mainfrom
gcp-oci-sovereign
May 19, 2026
Merged

auth/gcp: add support for sovereign cloud artifact registry#1201
matheuscscp merged 1 commit into
mainfrom
gcp-oci-sovereign

Conversation

@matheuscscp
Copy link
Copy Markdown
Member

@matheuscscp matheuscscp commented May 19, 2026

Closes: fluxcd/flux2#5874

This will unblock support only for controller-level workload identity. The Google libraries will read the environment variables internally when using controller-level workload identity. For object-level we will need new API surface, to be covered in a new RFC I'm working on.

@matheuscscp
auth/gcp: add support for sovereign cloud artifact registry
1a3b308 
Signed-off-by: Matheus Pimenta <matheuscscp@gmail.com>
@matheuscscp matheuscscp requested a review from stefanprodan May 19, 2026 10:19
@matheuscscp matheuscscp requested a review from a team as a code owner May 19, 2026 10:19
@matheuscscp matheuscscp added area/security Security related issues and pull requests backport:flux/v2.8.x To be backported to flux/v2.8.x labels May 19, 2026
stefanprodan
stefanprodan approved these changes May 19, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@stefanprodan stefanprodan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@matheuscscp matheuscscp merged commit 92f4559 into main May 19, 2026
15 checks passed
@matheuscscp matheuscscp deleted the gcp-oci-sovereign branch May 19, 2026 10:26
@fluxcdbot
Copy link
Copy Markdown
Member

fluxcdbot commented May 19, 2026

Successfully created backport PR for flux/v2.8.x:

@fluxcdbot fluxcdbot mentioned this pull request May 19, 2026
Merged
This was referenced May 19, 2026
Merged
Merged
Merged
Merged
@zodd3131
Copy link
Copy Markdown

zodd3131 commented Jun 1, 2026

Hello Matheus,
Thank you for the work done.

I should have been more specific. Container images on s3ns are formatted this way :
docker.s3nsregistry.fr/s3ns/<project_id>/<artifact_registry_name>/<path_to_image>:

Contrary to gcp, there is no prefix with the location. "u-france-east1" doesn't show up on image name.

i think regexp should be change to:

const registryPattern = `^(((.+\.)?gcr\.io)|(.+-docker\.pkg\.dev)|(docker\.s3nsregistry\.fr))$`

I'm sorry I believe this change affect unit tests too.

Thank you in advance!

@matheuscscp
Copy link
Copy Markdown
Member Author

matheuscscp commented Jun 2, 2026

@zodd3131 These docs disagree with you: https://documentation.s3ns.fr/artifact-registry/docs/docker/troubleshoot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stefanprodan stefanprodan stefanprodan approved these changes

Assignees

No one assigned

Labels

area/security Security related issues and pull requests backport:flux/v2.8.x To be backported to flux/v2.8.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for GCP compatible Sovereign cloud (S3NS/Thales)

4 participants

@matheuscscp @fluxcdbot @zodd3131 @stefanprodan