-
Bug
-
Resolution: Done
-
Undefined
-
1.5.0, 1.6.0
Description of problem:
The current documentation[1] describes the usage of the REGISTRY_AUTH_FILE variable to define the path to the file with the credentials of the container registry. However, that example does not include a way to apply for Helm or the Operator. It should be needed to explain the right steps to setup it to pull oci images of dynamic plugins from private or authenticated container image registries.
There is a way to resolve it without using that parameter, as overriding the dynamic-plugins-registry-auth secret. That secret is used by the initContainer to authenticate to the container image registry. That information should be also included in the documentation.
Prerequisites (if any, like setup, operators/versions):
This bug applies for the Helm and Operator configuration, as it could be different for each of them.
Steps to Reproduce
For a RHDH instance managed by the Operator, the way to set up the container image registry credentials is similar to:
- Create a local file with the credentials of the container image registry, for example: registry-auth.json
- Create a secret using the auth.json key for that file as:
oc create secret generic dynamic-plugins-registry-auth --from-file=auth.json=registry-auth.json
This configuration will override that secret in the initContainer to pull the images successfully from that private or authenticated container image registry.
Actual results:
Unclear instructions about how to set up the container image registry credentials to pull OCI images with dynamic plugins.
Expected results:
Reproducibility (Always/Intermittent/Only Once):
Build Details:
Additional info (Such as Logs, Screenshots, etc):
The usage of private or authenticated container image registry can be very extended for many users to store some private content. If the customer publishes dynamic plugins in that case, it should be needed to use a proper way to inject the credentials.
- is related to
-
-
- Release Pending
-
