Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removes server name checking from secret-based registry auth #57

Merged
merged 2 commits into from
Aug 24, 2022
Merged

Removes server name checking from secret-based registry auth #57

merged 2 commits into from
Aug 24, 2022

Conversation

sonnysideup
Copy link
Contributor

@sonnysideup sonnysideup commented Aug 24, 2022
edited
Loading

If a user wants to authenticate with 2 or more registries contained within a single k8s secret, then they are required to create an ImageBuild with the following auth section:

registryAuths:
- server: "server1"
  secret:
    name: many-registry-auths
    namespace: ns
- server: "server2"
  secret:
    name: many-registry-auths
    namespace: ns

and this can become somewhat cumbersome as that list grows. Furthermore, the server field for secrets is meant to server as a verification mechanism (i.e. an error will be raised if it's missing from the underlying secret data). I think we can add the verification to another field, or implement a different way that removes the labor involved here. For now, I'm disabling it and promoting all auths contained within the secret over to buildkit.

Tested locally pulling from one private registry and pushing to a different private registry with a single secret containing both sets of credentials.

/cc @ddl-kevin

@sonnysideup sonnysideup requested a review from steved August 24, 2022 20:38
@ddl-kevin ddl-kevin requested a review from saahildhulla August 24, 2022 20:38
ddl-kevin
ddl-kevin approved these changes Aug 24, 2022
View reviewed changes
Copy link

@ddl-kevin ddl-kevin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

saahildhulla
saahildhulla approved these changes Aug 24, 2022
View reviewed changes
Copy link

@saahildhulla saahildhulla left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@sonnysideup sonnysideup merged commit 6f570ce into main Aug 24, 2022
@sonnysideup sonnysideup deleted the transfer-all-secret-auths-to-buildkit branch August 24, 2022 21:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saahildhulla saahildhulla saahildhulla approved these changes

@ddl-kevin ddl-kevin ddl-kevin approved these changes

@steved steved Awaiting requested review from steved

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sonnysideup @saahildhulla @ddl-kevin