
User Preference of Container Registry as mountable secret to inject authentication for podman command line #22863

Closed
eye0fra opened this issue Mar 5, 2024 · 2 comments
Assignees
Labels
area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator kind/enhancement A feature request - must adhere to the feature request template.

Comments

eye0fra commented Mar 5, 2024

Is your enhancement related to a problem? Please describe

It would be beneficial to use the user's preferred Container Registries not only for pulling images but also for authenticating the podman command line.

Describe the solution you'd like

After the user adds the registry entries through the dashboard, the operator should generate a secret with the appropriate labels and annotations for image pulling and mounting in the user's workspace.

...
  labels:
    # This one is already present
    controller.devfile.io/devworkspace_pullsecret: 'true'
    # To add
    controller.devfile.io/mount-to-devworkspace: 'true'
    controller.devfile.io/watch-secret: 'true'
  # To add
  annotations:
    controller.devfile.io/mount-as: subpath
    controller.devfile.io/mount-path: /home/user/.docker

In the init container, if the secret exists, it should make a copy at /home/user/.config/containers/auth.json. This ensures that the user can seamlessly use the podman login command without encountering any issues, as the file will be readable and writable.

Describe alternatives you've considered

A workaround involves mounting the secret generated by the dashboard at a designated location and using a specific command to copy it to the correct path for auth.json.

...
  labels:
    # This one is already present
    controller.devfile.io/devworkspace_pullsecret: 'true'
    # To add
    controller.devfile.io/mount-to-devworkspace: 'true'
    controller.devfile.io/watch-secret: 'true'
  # To add
  annotations:
    controller.devfile.io/mount-as: subpath
    controller.devfile.io/mount-path: /home/user/.docker

The purpose of the post-event is to ensure the availability of a read-write file in case a user executes the podman login command in the terminal.

A sample devfile:

schemaVersion: 2.2.0
metadata:
  name: dev-base
  version: 1.0.0
attributes:
  controller.devfile.io/scc: container-build
projects: []
components:
  - name: developer-image
    attributes:
      pod-overrides:
        metadata:
          labels:
            ssf.bit.admin.ch/name: base
            ssf.bit.admin.ch/type: dev-image
    container:
      cpuLimit: '4'
      cpuRequest: '1'
      image: quay.io/tool-image:1.0.0
      memoryLimit: 8G
      memoryRequest: 4G
      mountSources: true
      env:
        - name: KUBEDOCK_ENABLED
          value: 'true'
        - name: SSL_CERT_DIR
          value: /var/run/secrets/kubernetes.io/serviceaccount
      volumeMounts:
        - name: bin
          path: /home/.local/bin
  - name: bin
    volume:
      size: 1Gi
commands:
  - id: podman-auth
    exec:
      component: developer-image
      commandLine: "cp /home/user/.docker/.dockerconfigjson /home/user/.config/containers/auth.json 2>/dev/null || :"
      workingDir: /home/user
events:
  postStart:
    - podman-auth

Additional context

No response
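As an added example (not code from the issue, the devfile above, or Eclipse Che), a hardened form of the devfile's `podman-auth` postStart step: it keeps the "skip quietly when no secret is mounted" behaviour of `cp ... || :`, but refuses content that is not a docker config and writes the copy owner-only so the registry credential is not readable by other processes sharing the home directory. The default paths are taken from the issue's devfile; the function name is an assumption.

```shell
#!/bin/sh
# Added example: safer replacement for the postStart copy of the mounted
# pull secret into podman's auth.json. Paths default to those in the issue.
install_podman_auth() {
  src="${1:-/home/user/.docker/.dockerconfigjson}"
  dst="${2:-/home/user/.config/containers/auth.json}"

  # No pull secret mounted: nothing to do, and do not fail workspace start
  # (same outcome as the original "|| :").
  if [ ! -r "$src" ]; then
    echo "no pull secret at $src, skipping podman auth setup" >&2
    return 0
  fi

  # Refuse obviously malformed content before placing it where podman reads it.
  if ! grep -q '"auths"' "$src"; then
    echo "$src does not look like a docker config (no \"auths\" key)" >&2
    return 1
  fi

  mkdir -p "$(dirname "$dst")" || return 1
  # A regular, owner-only, writable copy: podman login/logout can update it,
  # which the read-only secret mount itself cannot offer.
  cp "$src" "$dst" && chmod 0600 "$dst"
}
```

In the devfile, the `commandLine` would invoke `install_podman_auth` (sourced from a script shipped in the image) instead of the bare `cp`.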

@eye0fra eye0fra added the kind/enhancement A feature request - must adhere to the feature request template. label Mar 5, 2024
@ibuziuk ibuziuk added the area/che-operator Issues and PRs related to Eclipse Che Kubernetes Operator label Mar 5, 2024
@tolusha tolusha self-assigned this Apr 3, 2024
tolusha commented Apr 15, 2024

The dashboard does exec `podman login` for configured external docker registries when the workspace is up and running.

@tolusha tolusha closed this as completed Apr 15, 2024
ibuziuk commented Apr 23, 2024

@tolusha could you please provide RN for this issue in the comment?
