Commit 9eeeab0

Pothulapati, Simon Emms
authored and committed
[kots] load dockerConfigJson registry names into privateBaseImageAllowList

Follow up to #12174

This PR updates the installer logic to also load the auth's registry URLs into `.containerRegistry.privateBaseImageAllowList`.

Signed-off-by: Tarun Pothulapati <[email protected]>
Co-authored-by: Simon Emms <[email protected]>
Co-authored-by: Simon Emms <[email protected]>
1 parent 50623fb commit 9eeeab0

2 files changed: +10 -4 lines changed

install/kots/manifests/gitpod-installer-job.yaml

Lines changed: 9 additions & 3 deletions
@@ -178,6 +178,15 @@ spec:
178178
yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
179179
fi
180180
181+
if [ '{{repl ConfigOptionNotEquals "reg_docker_config" "" }}' = "true" ];
182+
then
183+
DOCKER_CONFIG='{{repl ConfigOptionData "reg_docker_config" | Base64Encode }}'
184+
echo "${DOCKER_CONFIG}" | base64 -d > /tmp/userconfig.json
185+
# Add the registries to the server allowlist
186+
yq e -i ".containerRegistry.privateBaseImageAllowList += $(cat /tmp/userconfig.json | jq '.auths' | jq -rc 'keys')" "${CONFIG_FILE}"
187+
yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
188+
fi
189+
181190
# Output the local registry secret - this is proxy.replicated.com if user hasn't set their own
182191
echo "{{repl LocalRegistryImagePullSecret }}" | base64 -d > /tmp/kotsregistry.json
183192
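Review bot: The command substitution on added line 186, `$(cat /tmp/userconfig.json | jq '.auths' | jq -rc 'keys')`, is spliced into the yq expression without any check on its result. If the uploaded file is not valid JSON or has no `auths` object, jq fails, the substitution is empty, and yq is handed `.containerRegistry.privateBaseImageAllowList += ` with no right-hand side. Validate the file first, for example with `jq -e '.auths | type == "object"' /tmp/userconfig.json`, and fail with a clear message otherwise. Two smaller points in the same block: line 187 appends `docker.io` even though line 178 may already have done so, so the list can carry duplicates and should be de-duplicated; and the `auths` keys are copied verbatim, so a key written with a scheme or path would enter the allowlist in that form rather than as a bare host like `docker.io`. Since /tmp/userconfig.json holds registry credentials, it is also worth writing it under a restrictive umask.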
@@ -360,9 +369,6 @@ spec:
360369
| base64 -d \
361370
> /tmp/currentconfig.json
362371
363-
DOCKER_CONFIG='{{repl ConfigOptionData "reg_docker_config" | Base64Encode }}'
364-
echo "${DOCKER_CONFIG}" | base64 -d > /tmp/userconfig.json
365-
366372
export REGISTRY_SECRET=$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json | base64 -w 0)
367373
368374
echo "Gitpod: update the in-cluster registry secret"
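Review bot: With the decode removed here, the `jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json` call on line 372 depends on a file that is now written only inside the `ConfigOptionNotEquals "reg_docker_config" ""` branch added in the first hunk. The guard around this section is not visible in the hunk; if it can run when `reg_docker_config` is empty, jq will fail on the missing file and `REGISTRY_SECRET` will be exported empty. Either confirm this section sits behind the same condition, or test for the file before merging, e.g. `[ -s /tmp/userconfig.json ]`. A short comment noting that the file is produced earlier in the script would also help, since the two places are now almost 200 lines apart.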

install/kots/manifests/kots-config.yaml

Lines changed: 1 addition & 1 deletion
@@ -119,7 +119,7 @@ spec:
119119
when: '{{repl ConfigOptionEquals "reg_docker_config_enable" "1" }}'
120120
type: file
121121
required: true
122-
help_text: Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images.
122+
help_text: "Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images. **NB.** All of the registries in the config with be automatically added to the [`privateBaseImageAllowList`]()."
123123

124124
- name: database
125125
title: Database
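Review bot: The new `help_text` on line 122 has a typo and a dead link: "with be automatically added" should read "will be automatically added", and ``[`privateBaseImageAllowList`]()`` has an empty target, so it renders as a link that goes nowhere. Point it at the relevant documentation or drop the link syntax and keep only the code span. Because this text tells the admin that every registry in the uploaded config becomes allowed for workspace base images, it is worth wording it as plainly as possible, since it widens what workspaces can pull from.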
