Add pkg.dev to automagic config file population #1328
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Kaniko currently does config file setup for GCR such that pushing to GCR automagically works. This change does the same for pkg.dev: https://cloud.google.com/artifact-registry This also tightens up the hostname check to ensure we don't send credentials to a registry that happens to contain "gcr.io".
tejal29
approved these changes
Jun 23, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Kaniko currently does config file setup for GCR such that pushing to GCR
automagically works. This change does the same for pkg.dev:
https://cloud.google.com/artifact-registry
This also tightens up the hostname check to ensure we don't send
credentials to a registry that happens to contain "gcr.io".
This uses the
--registriesflag fromdocker-credential-gcrto configure only the registry we actually care about, instead of just blindly callingdocker-credential-gcr configure-docker, which configures every domain. An alternative approach to this PR would be to add pkg.dev domains to the list of domains thatdocker-credential-gcr configure-dockerconfigures by default (see GoogleCloudPlatform/docker-credential-gcr#68), but that has the unfortunate side effect of makingdocker buildreally slow (it fetches credentials for every configured registry), which we want to avoid.Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Reviewer Notes