forked from operator-framework/operator-controller
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
📖 Document how to configure global pull secrets
Closes operator-framework#1409
- Loading branch information
Showing
3 changed files
with
54 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
--- | ||
tags: | ||
- alpha | ||
--- | ||
|
||
# Configure global pull secrets for allowing components to pull private images | ||
|
||
To configure `catalogd` and `operator-controller` to use authentication information for pulling private images (catalog/bundle images etc), the components can be informed about a kubernetes `Secret` object that contains the relevant auth information. The `Secret` must be of type `kubernetes.io/dockerconfigjson`. | ||
|
||
Once the `Secret` is created, `catalogd` and `operator-controller` needs to be redeployed with an additional field, `--global-pull-secret=<secret-namespace>/<secret-name>` passed to the respective binaries. | ||
|
||
For eg, create a `Secret` using locally available `config.json`: | ||
|
||
```sh | ||
$ kubectl create secret docker-registry test-secret \ | ||
--from-file=.dockerconfigjson=$HOME/.docker/config.json \ | ||
--namespace olmv1-system | ||
secret/test-secret created | ||
``` | ||
|
||
Verify that the Secret is created: | ||
|
||
```sh | ||
$ kubectl get secret test-secret -n olmv1-system -o yaml | ||
apiVersion: v1 | ||
data: | ||
.dockerconfigjson: ewogICJh.... | ||
kind: Secret | ||
metadata: | ||
creationTimestamp: "2024-10-25T12:05:46Z" | ||
name: test-secret | ||
namespace: olmv1-system | ||
resourceVersion: "237734" | ||
uid: 880138f1-5d98-4bb0-9e45-45e8ebaff647 | ||
type: kubernetes.io/dockerconfigjson | ||
``` | ||
|
||
Modify the `config/base/manager/manager.yaml` file for `catalogd` and `operator-controller` to include the new field in the binary args: | ||
|
||
```yaml | ||
- command: | ||
- ./manager | ||
args: | ||
- ... | ||
- ... | ||
- ... | ||
- --global-pull-secret=olmv1-system/test-secret | ||
``` | ||
With the above configuration, creating a `ClusterCatalog` or a `ClusterExention` whose content is packaged in a private container image hosted in an image registry, will become possible. | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters