[kots] Allow users to upload a .docker/config.json file
#12174
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Pothulapati
force-pushed
the
tar/kots-dockerconfig
branch
from
5a04f3f
to
e963107
Compare
Pothulapati
force-pushed
the
tar/kots-dockerconfig
branch
11 times, most recently
from
81ecde6
to
21b2ed1
Compare
github-actions
bot
added
the
team: delivery
|
/werft run publish-to-kots 👍 started the job as gitpod-build-tar-kots-dockerconfig.20 |
Pothulapati
commented
Aug 18, 2022
| @@ -174,8 +184,7 @@ spec: | |||
| kubectl create secret docker-registry container-registry \ | |||
| --namespace "{{repl Namespace }}" \ | |||
| --from-file=.dockerconfigjson=/tmp/container-registry-secret \ | |||
| -o yaml --dry-run=client | \ | |||
| kubectl replace --namespace "{{repl Namespace }}" --force -f - | |||
| -o yaml --dry-run=client > "${GITPOD_OBJECTS}/templates/gitpod.yaml" | |||
There was a problem hiding this comment.
Changed this to save the secret in the gitpod.yaml, instead of applying so that we can post process it if the user submits more docker configs through the new option
There was a problem hiding this comment.
Seems a reasonable approach. This means that we'll have a secret at the start of the YAML file, but that shouldn't be a problem as it's what we're doing anyway
|
@Pothulapati what does the UX, specifically the user flow, look like here? When does a user set this and how - do they need to also set something else for this to take Affect? |
|
@lucasvaltl This adds a new config option in the
Not really, because this is automatically set everywhere to be used. They will have to obviously use the container image somewhere to actually use the functionality. 🤔 |
Pothulapati
force-pushed
the
tar/kots-dockerconfig
branch
from
21b2ed1
to
107b284
Compare
Pothulapati
force-pushed
the
tar/kots-dockerconfig
branch
from
107b284
to
e429538
Compare
mrsimonemms
reviewed
Aug 19, 2022
| @@ -79,6 +79,16 @@ spec: | |||
| fi | |||
|
|
|||
| echo "Gitpod: Generate the base Installer config" | |||
| echo "Gitpod: Create a Helm template directory" | |||
There was a problem hiding this comment.
The echo "Gitpod: Generate the base Installer config" line should go above the /app/installer init > "${CONFIG_FILE}" so that the logging is representative of what's going on
| @@ -174,8 +184,7 @@ spec: | |||
| kubectl create secret docker-registry container-registry \ | |||
| --namespace "{{repl Namespace }}" \ | |||
| --from-file=.dockerconfigjson=/tmp/container-registry-secret \ | |||
| -o yaml --dry-run=client | \ | |||
| kubectl replace --namespace "{{repl Namespace }}" --force -f - | |||
| -o yaml --dry-run=client > "${GITPOD_OBJECTS}/templates/gitpod.yaml" | |||
There was a problem hiding this comment.
Seems a reasonable approach. This means that we'll have a secret at the start of the YAML file, but that shouldn't be a problem as it's what we're doing anyway
Pothulapati
force-pushed
the
tar/kots-dockerconfig
branch
4 times, most recently
from
706b2a6
to
4caf78e
Compare
mrsimonemms
approved these changes
Aug 19, 2022
Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
Pothulapati
force-pushed
the
tar/kots-dockerconfig
branch
from
4caf78e
to
5f32584
Compare
|
This is how the option looks now!
|
lucasvaltl
reviewed
Aug 19, 2022
| when: '{{repl ConfigOptionEquals "reg_docker_config_enable" "1" }}' | ||
| type: file | ||
| required: true | ||
| help_text: Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images. |
There was a problem hiding this comment.
Suggested change
| help_text: Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images. | |
| help_text: Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries used for pulling base workspace images. |
There was a problem hiding this comment.
credentials used to access private registries used for pulling base workspace images.
Happy to update, but used to <> used for <> sounds a bit confusing?
lucasvaltl
reviewed
Aug 19, 2022
| help_text: This is useful when you have base workspace images in private registries other than the above configured ones. | ||
|
|
||
| - name: reg_docker_config | ||
| title: Registry credentials |
There was a problem hiding this comment.
Suggested change
| title: Registry credentials | |
| title: Private base image registry credentials |
lucasvaltl
reviewed
Aug 19, 2022
| title: Configure additional registry credentials for pulling workspace images | ||
| type: bool | ||
| default: "0" | ||
| help_text: This is useful when you have base workspace images in private registries other than the above configured ones. |
There was a problem hiding this comment.
Suggested change
| help_text: This is useful when you have base workspace images in private registries other than the above configured ones. | |
| help_text: This is useful when you want to use base workspace images in private registries other than the above configured ones or the [default base workspace images stored on Docker Hub](https://github.com/gitpod-io/workspace-images). |
lucasvaltl
approved these changes
Aug 19, 2022
|
/unhold |
Pothulapati
added a commit
that referenced
this pull request
Aug 25, 2022
Follow up to #12174, and improves the help_text around the newly added fields. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
1 task
Pothulapati
added a commit
that referenced
this pull request
Aug 25, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io>
1 task
nandajavarma
pushed a commit
that referenced
this pull request
Aug 26, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io>
nandajavarma
pushed a commit
that referenced
this pull request
Aug 26, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io>
nandajavarma
added a commit
that referenced
this pull request
Aug 26, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io> Co-authored-by: Nandaja Varma <nandaja.varma@gmail.com>
nandajavarma
added a commit
that referenced
this pull request
Aug 26, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io> Co-authored-by: Nandaja Varma <nandaja.varma@gmail.com>
roboquat
pushed a commit
that referenced
this pull request
Aug 26, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io> Co-authored-by: Nandaja Varma <nandaja.varma@gmail.com>
mrsimonemms
pushed a commit
that referenced
this pull request
Aug 26, 2022
…owList` Follow upto #12174 This PR updates the installer logic to also load the auth's reigstry URL's into `.containerRegistry.privateBaseImageAllowList`. Signed-off-by: Tarun Pothulapati <tarun@gitpod.io> Co-authored-by: Simon Emms <simon@gitpod.io> Co-authored-by: Nandaja Varma <nandaja.varma@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR updates the
kotsUI to add a new config option to upload registrycredentials irrespective of the registry being used, which is then merged
into a single
config.jsonfile and passed as the registry secret whichis then used across the workspace image builder components.
Related Issue(s)
Fixes #12136
How to test
Upload a
dockerconfigjsonfile through the new option,and see those credentials in the secret by running
Release Notes
Documentation
Werft options: