Skip to content

[WIP] Pull secret controller 4.17 #200

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

[WIP] Pull secret controller 4.17 #200

wants to merge 9 commits into from

Conversation

@ankitathomas
Copy link
Contributor

@ankitathomas ankitathomas commented Nov 26, 2024

No description provided.

@openshift-ci openshift-ci bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 26, 2024
@openshift-ci openshift-ci bot requested review from perdasilva and tmshort November 26, 2024 14:22
m1kola and others added 6 commits November 26, 2024 10:25
@m1kola @ankitathomas
UPSTREAM: <drop>: Remove unused pull secret configuration (#1180)
fdd0e2e 
Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com>
@anik120 @ankitathomas
UPSTREAM: <drop>: ✨ Use creds if present for pulling bundle images (#…
2502132 
…1303)
@anik120 @ankitathomas
UPSTREAM: <drop>: Add hostPath mount for /var/lib/kubelet
d012c7c 
MCO makes the global pull secrets available in `/var/lib/kubelet`.
Operator-controller will look for these secrets in `/etc/operator-controller`
folder, ref [operator-controller:1303](operator-framework/operator-controller#1303).

This PR hostPath mounts the `/var/lib/kublet` directory from the host to the
`/etc/operator-controller` directory in the container's filesystem.

RFC: [OLMv1 Private registry support](https://docs.google.com/document/d/1BXD6kj5zXHcGiqvJOikU2xs8kV26TPnzEKp6n7TKD4M/edit?usp=sharing)
Signed-off-by: Anik Bhattacharjee <anbhatta@redhat.com>
@joelanford @ankitathomas
UPSTREAM: <drop>: follow-ups for containers/image from catalogd and p…
368dc54 
…revious PR (#1270)

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
@anik120 @ankitathomas
UPSTREAM: <drop>: ✨ Add PullSecret controller to save pull secret dat…
c5e4df6 
…a locally (#1322)

* ✨ Add PullSecret controller to save pull secret data locally

RFC: https://docs.google.com/document/d/1BXD6kj5zXHcGiqvJOikU2xs8kV26TPnzEKp6n7TKD4M/edit#heading=h.x3tfh25grvnv

* main.go: improved cache configuration for watching pull secret

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>

---------

Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
@m1kola @ankitathomas
UPSTREAM: <drop>: Fix pulling signed images (#1369)
eca162e 
This fixes "pushing signatures for OCI images is not supported" error
when working with signed source images.

If policy context requires signature validation for a registry
we will still be performing it on pull, but we will be removing
source signatures when copying into a temporary OCI layout
for unpacking.

Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com>
@ankitathomas ankitathomas force-pushed the pull-secret-controller-4.17 branch from 5dee869 to ba9c46c Compare November 26, 2024 15:27
@ankitathomas
Copy link
Contributor Author

ankitathomas commented Dec 2, 2024

/retest

@ankitathomas ankitathomas force-pushed the pull-secret-controller-4.17 branch from ba9c46c to 188e2dc Compare December 2, 2024 10:59
@ankitathomas
Copy link
Contributor Author

ankitathomas commented Dec 2, 2024

/retest

3 similar comments
@ankitathomas
Copy link
Contributor Author

ankitathomas commented Dec 4, 2024

/retest

@ankitathomas
Copy link
Contributor Author

ankitathomas commented Dec 5, 2024

/retest

@ankitathomas
Copy link
Contributor Author

ankitathomas commented Dec 6, 2024

/retest

@LalatenduMohanty
Copy link
Member

LalatenduMohanty commented Dec 12, 2024

We can close this in favor of #201

Mikalai Radchuk and others added 3 commits December 12, 2024 11:11
@ankitathomas
UPSTREAM: <drop>: Add global-pull-secret flag
21cec7c 
Pass global-pull-secret to the manager container.

Signed-off-by: Mikalai Radchuk <mradchuk@redhat.com>
@everettraven @ankitathomas
UPSTREAM: <drop>: (bugfix): fix a bug in the containers image source …
b01781e 
…(#1395)

where we always pulled image references using the canonical reference.
Now we pull images using the reference provided to the source. Using only
the canonical reference resulted in not respecting some mirroring configurations
related to tags because we never used tag-based references.

Signed-off-by: everettraven <everettraven@gmail.com>
@ankitathomas
UPSTREAM: <drop>: go mod vendor
e561f4f 
Signed-off-by: Ankita Thomas <ankithom@redhat.com>
@ankitathomas ankitathomas force-pushed the pull-secret-controller-4.17 branch from 188e2dc to e561f4f Compare December 12, 2024 16:12
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Dec 12, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: ankitathomas
Once this PR has been reviewed and has the lgtm label, please assign everettraven for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@ankitathomas
Copy link
Contributor Author

ankitathomas commented Dec 12, 2024

closing in favor of #201

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@perdasilva perdasilva Awaiting requested review from perdasilva

@tmshort tmshort Awaiting requested review from tmshort

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@ankitathomas @LalatenduMohanty @m1kola @anik120 @joelanford @everettraven