Adding Porch private authenticated registries functionality documentation #178

Merged
merged 21 commits into from
Nov 7, 2024
Changes from 3 commits
6c14729
added documentation for setting up function runner to use private aut…
Catalin-Stratulat-Ericsson Oct 21, 2024
3c10cdb
modification to language, hyperlinks and improved consistency
Catalin-Stratulat-Ericsson Oct 21, 2024
240014b
small patch for secret name variable
Catalin-Stratulat-Ericsson Oct 21, 2024
a8562b4
added small statement regarding potential access permission issues
Catalin-Stratulat-Ericsson Oct 22, 2024
cb9cd33
added example for mount path permissions
Catalin-Stratulat-Ericsson Oct 22, 2024
119236b
fix typo in first point
Catalin-Stratulat-Ericsson Oct 22, 2024
b79522b
added namespace clarification
Catalin-Stratulat-Ericsson Oct 22, 2024
9907d33
changed symbol type for file names as per suggestion
Catalin-Stratulat-Ericsson Oct 22, 2024
eb97c98
changed e.g. usage to for example as per suggestions
Catalin-Stratulat-Ericsson Oct 22, 2024
13f9793
added note syntax to notes as per recommendation
Catalin-Stratulat-Ericsson Oct 22, 2024
b9672d0
changed the Hugo Warnings to Notes
Catalin-Stratulat-Ericsson Oct 22, 2024
c681720
made amendments to language and structure as per comment suggestions
Catalin-Stratulat-Ericsson Oct 29, 2024
34b062f
renamed file name to match the title change in previous commit
Catalin-Stratulat-Ericsson Oct 29, 2024
f8dc2d3
changed small formatting issue
Catalin-Stratulat-Ericsson Oct 29, 2024
99d13cb
amended requested changes which were missed
Catalin-Stratulat-Ericsson Oct 29, 2024
672afec
added docker config.json template explanation for clarity
Catalin-Stratulat-Ericsson Oct 29, 2024
3e15fe1
fixed repeated here in link
Catalin-Stratulat-Ericsson Oct 29, 2024
3b272ee
fixed incorrect style use as per styling guide
Catalin-Stratulat-Ericsson Oct 29, 2024
777d91f
adding documentation to match new arguments
Catalin-Stratulat-Ericsson Nov 6, 2024
bed0059
added clarification of secret duplication to porch-fn-system namespace
Catalin-Stratulat-Ericsson Nov 6, 2024
aa7129e
fixed few grammatical errors as suggested by comments
Catalin-Stratulat-Ericsson Nov 6, 2024
@@ -1,24 +1,24 @@
---
title: "Using external private registries"
title: "Using authenticated private registries"
type: docs
weight: 4
description: ""
---

To enable the Porch function runner to communicate with authenticated private registries, we must:
To enable the Porch function runner to pull kpt function images from authenticated private registries, the system requires the:
Catalin-Stratulat-Ericsson marked this conversation as resolved.

1. Create a kubernetes secret using a docker *config.json* file.
2. Mount this new secret as a volume on the function runner.
3. Provide this secret mount path to the function runner using the argument `--registry-auth-secret-path`
1. Creation of a kubernetes secret using a docker *config.json* file.
2. Mounting this new secret as a volume on the function runner.
3. Providing the path of the mounted secret to the function runner using the argument `--registry-auth-secret-path`

A quick way to generate this secret for your use using your docker *config.json* would be to run the following.
A quick way to generate this secret for your use using your docker *config.json* would be to run the following command:

```bash
kubectl create secret generic <SECRET_NAME> --from-file=.dockerconfigjson=/path/to/your/config.json --type=kubernetes.io/dockerconfigjson --dry-run=client -o yaml -n porch-system
```

{{% alert title="Note" color="primary" %}}
The secret should be in the same namespace as the function runner deployment which by default is the *porch-system* namespace.
The secret must be in the same namespace as the function runner deployment. By default, this is the *porch-system* namespace.
{{% /alert %}}

This should generate a secret template similar to the one below which you can add to the *2-function-runner.yaml* file present on the Porch deployment found [here](https://github.com/nephio-project/catalog/tree/main/nephio/core/porch)
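Review bot: The closing sentence of this hunk tells readers to add the generated Secret to *2-function-runner.yaml*, but the output of `kubectl create secret ... --dry-run=client -o yaml` carries the whole docker *config.json* base64-encoded, not encrypted, so the registry credentials end up in a manifest that is easy to commit or share. Suggest a Note here saying that the manifest holding the Secret must be kept out of version control (or the Secret applied separately), and that the *config.json* passed to `--from-file` should contain only the entry for the registry the function runner needs. Minor: the new intro "the system requires the:" does not read with the list items "Creation of", "Mounting", "Providing", and the sentence ending in the catalog link lacks a full stop and uses "here" as its link text.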
@@ -56,10 +56,10 @@ volumes:
You may specify your desired `mountPath:` so long as the function runner can access it.

{{% alert title="Note" color="primary" %}}
The chosen `mountPath:` should use its own directory if placed in an existing directory so that it does not overwrite access permissions of the existing directory. For example if you wish to mount on `/var/tmp` you should use `mountPath: /var/tmp/<SUB_DIRECTORY>` etc.
The chosen `mountPath:` should use its own directory if placed in an existing directory so that it does not overwrite access permissions of the existing directory. for example, if you wish to mount on `/var/tmp` you should use `mountPath: /var/tmp/<SUB_DIRECTORY>` etc.
{{% /alert %}}

Lastly you must add the `--registry-auth-secret-path` to the function runner arguments, giving the path of the secret file mount.
Lastly you must add the `--registry-auth-secret-path` to the arguments of the function-runner Deployment object in the *2-function-runner.yaml* file, giving the path of the secret file mount:

```yaml
command:
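Review bot: In the `mountPath:` Note, the reworded line now starts a sentence in lower case ("existing directory. for example, if you wish"); it should read "For example, ...", and the trailing "etc." can be dropped since only one example is given. The following sentence also wants a comma after "Lastly".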
@@ -70,4 +70,4 @@ command:
- --pod-namespace=porch-fn-system
```

With this last step, if your Porch package uses a custom kpt function image stored in a private registry (For example `- image: ghcr.io/private-registry/set-namespace:customv2`), the function runner will now use the secret info as an `imagePullSecret` for the function pods as documented [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
With this last step, if your Porch package uses a custom kpt function image stored in an authenticated private registry (for example `- image: ghcr.io/private-registry/set-namespace:customv2`), the function runner will now use the secret info as an `imagePullSecret` for the function pods as documented [here](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
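Review bot: The last paragraph says the secret is used as an `imagePullSecret` for the function pods, but the arguments in this hunk show those pods running with `--pod-namespace=porch-fn-system`, while the earlier Note requires the secret to live in the function runner's namespace (*porch-system* by default). An image pull secret has to exist in the namespace of the pod that references it, so the page should state how the credential reaches *porch-fn-system* (whether the function runner copies it there or the user must create it) and that read access to secrets should be restricted in both namespaces. Also, "here" as link text could be replaced with the title of the Kubernetes page it points to.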