doc: be more specific about http protocol
be more explicit by mentioning the secret may be used for http as well
as for oci artifacts retrieval.

Signed-off-by: Ricardo Maraschini <ricardo.maraschini@gmail.com>
ricardomaraschini committed Jun 14, 2024
1 parent 82530a3 commit 89335cb
Showing 1 changed file with 14 additions and 4 deletions.
18 changes: 14 additions & 4 deletions docs/architecture/adr-001-autopilot-oci-basic-auth-support.md
Expand Up @@ -36,9 +36,9 @@ type PlanResourceURL struct {
// Sha256 provides an optional SHA256 hash of the URL's content for verification.
Sha256 string `json:"sha256,omitempty"`

// ArtifactPullSecrets holds a reference to a secret where Docker or Basic Auth
// credentials are stored. We use these credentials when pulling the artifacts from
// the URL.
// ArtifactPullSecrets holds a reference to a secret where the credentials are
// stored. We use these credentials when pulling the artifacts from the provided
// URL using any of the supported protocols (http, https, and oci).
ArtifactPullSecret *ArtifactPullSecret `json:"artifactPullSecret,omitempty"`

// Insecure indicates whether certificates in the remote URL (if using TLS) can
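Review bot: the doc comment on this field opens with `ArtifactPullSecrets` (plural) while the field it documents is `ArtifactPullSecret`; Go doc comments should start with the exact identifier, so this is a good moment to correct it. The new wording also names plain `http` as a supported protocol for these credentials without mentioning that they are not protected in transit in that case; a short remark recommending `https` or `oci` whenever a secret is set would make the trade-off visible where the field is defined.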
Expand All @@ -59,7 +59,7 @@ type ArtifactPullSecret struct {
}
```

The secret pointed to by the provided `ArtifactPullSecret` property is expected to by of type `kubernetes.io/dockerconfigjson` if the protocol in use is `oci://` (see below) or of type `Opaque` if protocols `http://` or `https://` are used.
The secret pointed by the provided `ArtifactPullSecret` will be used for pulling artifacts using either HTTP[S] or OCI protocols and is expected to by of type `kubernetes.io/dockerconfigjson` if the protocol in use is `oci://` or of type `Opaque` if protocols `http://` or `https://` are used (see below for details on the Secret layout).

Example configuration for OCI:

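Review bot: the rewritten sentence still reads "is expected to by of type", which should be "to be of type", and it now says "The secret pointed by" where the previous text had "pointed to by". The sentence has also grown long; splitting it after "OCI protocols" would make the per-protocol Secret type requirement easier to scan.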
Expand All @@ -81,6 +81,16 @@ artifactPullSecret:
name: artifacts-basic-auth
```
Example configuration for HTTP:
```yaml
url: http://my.file.server/binaries/k0s-v1.30.1+k0s.0
sha256: e95603f167cce6e3cffef5594ef06785b3c1c00d3e27d8e4fc33824fe6c38a99
artifactPullSecret:
namespace: kube-system
name: artifacts-token-based-auth
```
### Secrets Layout
For secrets of type `kubernetes.io/dockerconfigjson` the format is the default for Docker authentications, equal to what is used in a Pod's pull secret. For further details you can refer to the [official documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/).
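Review bot: the new HTTP example pairs a plain `http://` URL with an `artifactPullSecret`, so the credential would travel unencrypted; the `sha256` value covers the integrity of the downloaded file, not the confidentiality of the secret. Consider using `https://` in the example, or stating next to it that plain HTTP with a secret is only appropriate on a trusted network. The secret name `artifacts-token-based-auth` also implies token authentication, so please make sure the Secrets Layout section spells out which keys an `Opaque` secret needs for that case.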