kapp-controller
kapp-controller copied to clipboard
carvel-dev
Documentation: Mention that imgpkg does not extract username/password out of auth key for private auth
For users of kapp-controller's private auth feature, we should call out that the Kubernetes Secret of type dockerconfigjson only supports username/password keys like below:
apiVersion: v1
kind: Secret
metadata:
name: registry-credentials
type: kubernetes.io/dockerconfigjson
stringData:
.dockerconfigjson: |
{
"auths": {
"<HOSTNAME:PORT>": {
"username": "testuser",
"password": "testpassword"
}
}
}
Some users may expect the following format to work in their Secrets:
{
"auths": {
"<HOSTNAME:PORT>": {
"auth": "dGVzdHVzZXI6dGVzdHBhc3N3b3Jk"
}
}
}
imgpkg currently does not extract base64 encoded username/password under the auth key, so we should try to call out in kapp-controller's private auth docs that this format will not work.
A possible place to add this information would be in the bringing it all together section of the docs.
this is something we should also fix in vendir...
Captured some details in the linked issue, but feel free to add more vendir specifics to the issue.
Seems like this will be resolved in vendir pretty soon. As far as this issue, we should probably just instead make a minor mention about how this format was not supported in v0.24.0 but is in v0.25.0+. Assuming vendir bump occurs in v0.25.0.
@danielhelfand I think this one is done now right? The relevant code was added to vendir
As far as this issue, we should probably just instead make a minor mention about how this format was not supported in v0.24.0 but is in v0.25.0+. Assuming vendir bump occurs in v0.25.0.
It I guess just depends on how much this part matters anymore. Would be nice to mention somewhere in docs when this feature was added.
A possible place to add this information would be in the bringing it all together section of the docs.
This I think was as a good place to add.
