diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml
index 82df09895e789c..28bebf81b49930 100644
--- a/install/kots/manifests/gitpod-installer-job.yaml
+++ b/install/kots/manifests/gitpod-installer-job.yaml
@@ -178,6 +178,15 @@ spec:
 yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
 fi
+ if [ '{{repl ConfigOptionNotEquals "reg_docker_config" "" }}' = "true" ];
+ then
+ DOCKER_CONFIG='{{repl ConfigOptionData "reg_docker_config" | Base64Encode }}'
+ echo "${DOCKER_CONFIG}" | base64 -d > /tmp/userconfig.json
+ # Add the registries to the server allowlist
+ yq e -i ".containerRegistry.privateBaseImageAllowList += $(cat /tmp/userconfig.json | jq '.auths' | jq -rc 'keys')" "${CONFIG_FILE}"
+ yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
+ fi
+
 # Output the local registry secret - this is proxy.replicated.com if user hasn't set their own
 echo "{{repl LocalRegistryImagePullSecret }}" | base64 -d > /tmp/kotsregistry.json
@@ -356,9 +365,6 @@ spec:
 | base64 -d \
 > /tmp/currentconfig.json
- DOCKER_CONFIG='{{repl ConfigOptionData "reg_docker_config" | Base64Encode }}'
- echo "${DOCKER_CONFIG}" | base64 -d > /tmp/userconfig.json
-
 export REGISTRY_SECRET=$(jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json | base64 -w 0)
 echo "Gitpod: update the in-cluster registry secret"
diff --git a/install/kots/manifests/kots-config.yaml b/install/kots/manifests/kots-config.yaml
index 7c40adc94e3f46..99ced33b634049 100644
--- a/install/kots/manifests/kots-config.yaml
+++ b/install/kots/manifests/kots-config.yaml
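Review bot: The added `yq e -i ".containerRegistry.privateBaseImageAllowList += $(cat /tmp/userconfig.json | jq '.auths' | jq -rc 'keys')"` line splices jq output derived from the uploaded Docker config directly into the yq expression text. If the file has no `auths` object, `keys` fails, the substitution comes back empty and the expression is malformed. Passing the list as data avoids both problems, e.g. `REGISTRIES="$(jq -c '.auths // {} | keys' /tmp/userconfig.json)" yq e -i '.containerRegistry.privateBaseImageAllowList += env(REGISTRIES)' "${CONFIG_FILE}"`. The decoded file also holds registry credentials and is written to a fixed path under /tmp with whatever umask is in effect, so a `umask 077` before the write and removal of the file once the secret is built would be worth adding. The surrounding script starts and ends outside the hunk, so its error-handling mode is not visible here.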
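Review bot: The `jq -s '.[0] * .[1]' /tmp/userconfig.json /tmp/currentconfig.json` line kept in the second hunk (`@@ -356,9 +365,6 @@`) still reads /tmp/userconfig.json, but after this change the file is only written inside the `reg_docker_config` non-empty branch added in the first hunk. If this part of the script can run when no Docker config was uploaded, jq will fail on the missing file; the conditions guarding this block lie outside the hunk, so that needs confirming. A guard before the merge such as `[ -f /tmp/userconfig.json ] || echo '{}' > /tmp/userconfig.json`, or a comment stating the precondition, would make the dependency explicit.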
@@ -119,7 +119,7 @@ spec:
 when: '{{repl ConfigOptionEquals "reg_docker_config_enable" "1" }}'
 type: file
 required: true
- help_text: Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images.
+ help_text: "Docker [config JSON file](https://docs.docker.com/engine/reference/commandline/cli/#sample-configuration-file) with auth credentials used to access private registries, for workspace images. **NB.** All of the registries in the config with be automatically added to the [`privateBaseImageAllowList`]()."
 - name: database
 title: Database
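Review bot: The new `help_text` has a typo (`with be` should read `will be`) and the `privateBaseImageAllowList` link has an empty target `()`, so it renders as a dead link. Uploading this file now changes an allowlist as a side effect, so the note is what an administrator relies on to understand that. It should link to the documentation for that setting and say plainly that every registry host listed under `auths` is added, which presumably widens where workspace base images may be pulled from.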