From d7ff88b3cb756ff1dd4771d8e3ff470111c2aa38 Mon Sep 17 00:00:00 2001
From: Rob Best
Date: Fri, 6 Sep 2024 13:30:41 +0100
Subject: [PATCH] Add dockerconfigjson value to Helm chart
This makes it possible to configure the credentials used by the fallback OCI client.
---
.../version-checker/templates/deployment.yaml | 11 ++++++++
.../version-checker/templates/secret.yaml | 10 +++++++
deploy/charts/version-checker/values.yaml | 12 +++++++++
docs/configuration.md | 27 +++++++++++++++++++
4 files changed, 60 insertions(+)
create mode 100644 docs/configuration.md
diff --git a/deploy/charts/version-checker/templates/deployment.yaml b/deploy/charts/version-checker/templates/deployment.yaml
index 981d7d1d..53617b46 100644
--- a/deploy/charts/version-checker/templates/deployment.yaml
+++ b/deploy/charts/version-checker/templates/deployment.yaml
@@ -52,6 +52,9 @@ spec:
 - "--log-level={{.Values.versionChecker.logLevel}}"
 - "--metrics-serving-address={{.Values.versionChecker.metricsServingAddress}}"
 - "--test-all-containers={{.Values.versionChecker.testAllContainers}}"
+ volumeMounts:
+ - name: docker-config
+ mountPath: /docker
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
 {{- with .Values.securityContext }}
@@ -72,6 +75,8 @@ spec:
 name: {{.Values.existingSecret}}
 {{- end }}
 env:
+ - name: DOCKER_CONFIG
+ value: /docker
 {{- if .Values.acr.refreshToken }}
 # ACR
 - name: VERSION_CHECKER_ACR_REFRESH_TOKEN
@@ -206,6 +211,12 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 volumes:
+ - name: docker-config
+ secret:
+ secretName: {{ include "version-checker.name" . }}-docker-config
+ items:
+ - key: .dockerconfigjson
+ path: config.json
 {{- if $secretEnabled }}
 - name: {{ include "version-checker.name" . }}
 secret:
diff --git a/deploy/charts/version-checker/templates/secret.yaml b/deploy/charts/version-checker/templates/secret.yaml
index 948af622..f0585346 100644
--- a/deploy/charts/version-checker/templates/secret.yaml
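Review bot: In the `volumes:` hunk, `secretName` is hard-wired to the chart-generated `-docker-config` Secret, so registry credentials can only reach the pod through the `dockerconfigjson` Helm value. That puts them in Helm release storage and, in practice, in values files. The chart already exposes `existingSecret` for its other credentials (visible in the context of the `env:` hunk), so an equivalent for the Docker config would let operators point at a Secret managed outside Helm. One way is a new value, with the name here only a suggestion: `secretName: {{ .Values.existingDockerConfigSecret | default (printf "%s-docker-config" (include "version-checker.name" .)) }}`. The new Secret in `templates/secret.yaml` would then be skipped when that value is set. The volume list continues outside this hunk.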
+++ b/deploy/charts/version-checker/templates/secret.yaml
@@ -72,3 +72,13 @@ metadata:
 {{ include "version-checker.labels" . | indent 4 }}
 type: Opaque
 {{- end }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ (include "version-checker.name" .) }}-docker-config
+ labels:
+{{ include "version-checker.labels" . | indent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ .Values.dockerconfigjson | b64enc }}
diff --git a/deploy/charts/version-checker/values.yaml b/deploy/charts/version-checker/values.yaml
index cf0756a9..94de3fb1 100644
--- a/deploy/charts/version-checker/values.yaml
+++ b/deploy/charts/version-checker/values.yaml
@@ -189,3 +189,15 @@ serviceMonitor:
 enabled: false
 # -- Additional labels to add to the ServiceMonitor
 additionalLabels: {}
+
+# -- Provide a raw docker config json. Makes it possible to configure the
+# authentication credentials used by the OCI client.
+dockerconfigjson: "{}"
+#dockerconfigjson: |
+# {
+# "auths": {
+# "registry.example.com": {
+# "auth": "QXp1cmVEaWFtb25kOmh1bnRlcjI="
+# }
+# }
+# }
diff --git a/docs/configuration.md b/docs/configuration.md
new file mode 100644
index 00000000..7547bc87
--- /dev/null
+++ b/docs/configuration.md
@@ -0,0 +1,27 @@
+# Configuration
+
+This document describes how to configure version-checker.
+
+## Clients
+
+### OCI
+
+If there are no specific client implementations for the upstream registry
+provider, then version-checker will fallback to using a basic OCI client.
+
+You can configure authentication for specific registries by [setting credentials
+in Docker's config.json](https://github.com/google/go-containerregistry/blob/c195f151efe3369874c72662cd69ad43ee485128/pkg/authn/README.md#docker-config-auth).
+
+If you're using the Helm chart to deploy version-checker then you can set this
+with the `dockerconfigjson` value.
+
+```yaml
+dockerconfigjson: |
+ {
+ "auths": {
+ "registry.example.com": {
+ "auth": "QXp1cmVEaWFtb25kOmh1bnRlcjI="
+ }
+ }
+ }
+```
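Review bot: The `data:` line pipes `.Values.dockerconfigjson` straight into `b64enc` with no guard on its shape. If a user overrides the value with `null`, an empty string, or a YAML mapping instead of a JSON string, the result is likely a render-time type error or a Secret the API server rejects, since the `kubernetes.io/dockerconfigjson` type requires the key to hold valid JSON. Falling back to the empty config and quoting the output would make the empty cases safe: `.dockerconfigjson: {{ .Values.dockerconfigjson | default "{}" | b64enc | quote }}`. A `required`/`fail` check that the value is a string would turn the mapping case into a clear error message.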
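Review bot: The commented example under `dockerconfigjson` shows an `auth` string without saying what it is, and a reader could take it for an opaque token. In Docker's config format that field is only base64 of `user:password`, so anyone who can read the values file or the rendered Secret can recover the password. I would add a comment above the example such as `# NOTE: "auth" is base64("user:password"), not encrypted. Pass real credentials with --set-file or a secrets-managed values file; do not commit them.` The same sentence would fit next to the matching example in `docs/configuration.md`.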