
Comments (5)

banjoh commented on June 17, 2024

To make it easy to reproduce and understand what needs to change in Helm, could you provide me with the following?

  • Concrete steps to configure GitLab (or any other freely available repository) with path/scoped based authorisation
  • Any reference (preferably an upstream issue/PR/documentation) of the BuildKit extension

I know this is non-standard from the ~/.docker/config.json point of view.

This might be a sticking point when deciding on whether to add this support or not, but I'll leave that for later discussions.

from helm.

patrikbeno commented on June 17, 2024

All this is based on standard containers/podman/buildah containers-auth.json:

https://github.com/containers/image/blob/main/docs/containers-auth.json.5.md#format

In GitLab, create two separate repositories, e.g.:

  • gitlab.com/mygroup/myproject1
  • gitlab.com/mygroup/myproject2

Each of these provides a namespace for the OCI registry, e.g.:

  • registry.gitlab.com/mygroup/myproject1/mychart1
  • registry.gitlab.com/mygroup/myproject2/mychart2

You can create access tokens for registry pull from each of those repositories/registries (Settings/AccessTokens).

Hence, each of these repos/registries has different authentication tokens.

(Note: as a regular user you may not be confronted with this issue, because you use your global personal authentication, and you have access to both repos with the same authentication token. However, in CI/CD you typically don't use user authentication, you use group/project scoped auth. tokens.)

(Note2: you typically create tokens on group level, not project level. But you still need different tokens for different groups.)

Now, your local mychart3 may want to add a dependency on both mychart1 and mychart2:

apiVersion: v2
name: mychart3
version: 1.0.0
dependencies:
- name: mychart1
  version: x
  repository: oci://registry.gitlab.com/mygroup/myproject1
- name: mychart2
  version: x
  repository: oci://registry.gitlab.com/mygroup/myproject2

and your config.json would look like:

{"auths": {
"registry.gitlab.com": {"auth": "base64-encoded-token1"}
}}

^^ This is broken. There is nowhere to put token2 for access to myproject2. helm-dep-up will fail.

You want:

{"auths": {
"registry.gitlab.com/mygroup/myproject1": {"auth": "token1"},
"registry.gitlab.com/mygroup/myproject2": {"auth": "token2"}
}}

This is the only way to use helm in this scenario. (Not only helm, but OCI registry in general.)

This is already prototyped/standardized by kubernetes/containers/podman/buildah/buildkit/etc...

from helm.
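
The lookup order defined by the containers-auth.json format linked in the comment above, as an added Go example (not part of the thread and not Helm's code): the most specific path entry wins, and matching happens on whole path components, so a sibling project never picks up another project's token. `lookupAuth`, `sampleConfig` and the host-wide entry are assumptions made for this sketch.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// authFile mirrors the "auths" object shown in the comment above.
type authFile struct {
	Auths map[string]struct {
		Auth string `json:"auth"`
	} `json:"auths"`
}

// Constructed sample; the token strings are placeholders, not real credentials.
const sampleConfig = `{"auths": {
  "registry.gitlab.com/mygroup/myproject1": {"auth": "token1"},
  "registry.gitlab.com/mygroup/myproject2": {"auth": "token2"},
  "registry.gitlab.com": {"auth": "host-wide-token"}
}}`

// lookupAuth (hypothetical helper, not a Helm API) returns the matching key and
// its auth value. It tries the full path, then drops one trailing component at a time.
func lookupAuth(config, ref string) (key, auth string, err error) {
	var f authFile
	if err = json.Unmarshal([]byte(config), &f); err != nil {
		return "", "", err
	}
	key = strings.TrimPrefix(ref, "oci://")
	for {
		if e, ok := f.Auths[key]; ok {
			return key, e.Auth, nil
		}
		i := strings.LastIndex(key, "/")
		if i < 0 {
			return "", "", nil // no entry applies to this registry
		}
		key = key[:i]
	}
}

func main() {
	base := "oci://registry.gitlab.com/mygroup/"
	for _, p := range []string{"myproject1/mychart1", "myproject2/mychart2", "myproject10/x"} {
		k, _, _ := lookupAuth(sampleConfig, base+p) // print the matched key only, never the token
		fmt.Printf("%-22s -> %q\n", p, k)
	}
}
```

A plain string-prefix match would hand `token1` to `myproject10`; stripping whole components avoids that and falls back to the host-wide entry instead.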

sabre1041 commented on June 17, 2024

@patrikbeno I am going to do a bit of research into what options we would be able to provide and, if any, what enhancements need to be made. I'll circle back after I have a bit more information on the topic at hand.

from helm.

gjenkins8 commented on June 17, 2024

Note this duplicate: #11286

from helm.

gjenkins8 commented on June 17, 2024

Will close in favor of the existing issue. I think #11286 (comment) is still the current state.

from helm.
