-
Notifications
You must be signed in to change notification settings - Fork 4.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Containerd repo mirror auth #12562
Containerd repo mirror auth #12562
Conversation
Hi @haad. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/ok-to-test |
af8a524
to
853ebbb
Compare
…ername/Password and Auth Token formats. Signed-off-by: Adam Hamsik <adam.hamsik@lablabs.io>
1e35730
to
b3b227c
Compare
Ping |
Hi @haad. Sorry for the delay in answering. We had some discussions about this topic at our weekly meeting and some concerns were raised about adding passwords directly into kOps config. There was no consensus on how to approach this last week, but it's still on our list of priorities. One question came up about the use of Docker secrets managed by kOps which are directly used by k8s even with containerd. Did you try to see if those work somehow for the mirrors too?. |
I understand, but We are not forcing our users to include those passwords there. Plus you have an option to use a token, too. Right no every Kops users has to override this config as a whole which isn't a good thing. It complicates workflow for them as they have to check if we have not changed default configuration(containerd/config.toml) before each upgrade. We should be able to add some cloud based password insertion scheme (Use aws system parameters as passwords), but I would add/implment that functionality as a separate PR. |
Shouldn't this be implemented similarly to the host-level docker auth (as a secret)? We could maybe abstract it to be a generic "registry auth" secret, and have it apply to both... for reference: #3087 |
That would be my preferred way of implementing this |
@haad: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
@k8s-triage-robot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Add support for registry mirror authentication with containerD. This was managed byt overiding cotnainerd config as whole.