From 2c4794dd68552f6fcd025bebc7cd9552037b72d7 Mon Sep 17 00:00:00 2001
From: Anik Bhattacharjee
Date: Fri, 25 Oct 2024 18:02:55 +0530
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=93=96=20Document=20how=20to=20config?= =?UTF-8?q?ure=20global=20pull=20secrets?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #1409
---
 docs/howto/configure-global-pull-secrets.md | 51 +++++++++++++++++++++
 docs/tutorials/install-extension.md | 2 +
 mkdocs.yml | 1 +
 3 files changed, 54 insertions(+)
 create mode 100644 docs/howto/configure-global-pull-secrets.md
diff --git a/docs/howto/configure-global-pull-secrets.md b/docs/howto/configure-global-pull-secrets.md
new file mode 100644
index 000000000..afa6556dc
--- /dev/null
+++ b/docs/howto/configure-global-pull-secrets.md
@@ -0,0 +1,51 @@
+---
+tags:
+ - alpha
+---
+
+# Configure global pull secrets for allowing components to pull private images
+
+To configure `catalogd` and `operator-controller` to use authentication information for pulling private images (catalog/bundle images etc), the components can be informed about a kubernetes `Secret` object that contains the relevant auth information. The `Secret` must be of type `kubernetes.io/dockerconfigjson`.
+
+Once the `Secret` is created, `catalogd` and `operator-controller` needs to be redeployed with an additional field, `--global-pull-secret=/` passed to the respective binaries.
+
+For eg, create a `Secret` using locally available `config.json`:
+
+```sh
+$ kubectl create secret docker-registry test-secret \
+ --from-file=.dockerconfigjson=$HOME/.docker/config.json \
+ --namespace olmv1-system
+secret/test-secret created
+```
+
+Verify that the Secret is created:
+
+```sh
+$ kubectl get secret test-secret -n olmv1-system -o yaml
+apiVersion: v1
+data:
+ .dockerconfigjson: ewogICJh....
+kind: Secret
+metadata:
+ creationTimestamp: "2024-10-25T12:05:46Z"
+ name: test-secret
+ namespace: olmv1-system
+ resourceVersion: "237734"
+ uid: 880138f1-5d98-4bb0-9e45-45e8ebaff647
+type: kubernetes.io/dockerconfigjson
+```
+
+Modify the `config/base/manager/manager.yaml` file for `catalogd` and `operator-controller` to include the new field in the binary args:
+
+```yaml
+ - command:
+ - ./manager
+ args:
+ - ...
+ - ...
+ - ...
+ - --global-pull-secret=olmv1-system/test-secret
+```
+
+With the above configuration, creating a `ClusterCatalog` or a `ClusterExention` whose content is packaged in a private container image hosted in an image registry, will become possible.
+
\ No newline at end of file
diff --git a/docs/tutorials/install-extension.md b/docs/tutorials/install-extension.md
index 95bdb5c3a..d77bee1f8 100644
--- a/docs/tutorials/install-extension.md
+++ b/docs/tutorials/install-extension.md
@@ -14,6 +14,8 @@ After you add a catalog to your cluster, you can install an extension by creatin * The name, and optionally version, or channel, of the [supported extension](../project/olmv1_limitations.md) to be installed * An existing namespace in which to install the extension +**Note** To install ClusterExentions that are shipped as private container images hosted in an image registry, please see [How to conifgure global pull secrets](../howto/configure-global-pull-secrets.md). + ### ServiceAccount for ClusterExtension Installation and Management Adhering to OLM v1's "Secure by Default" tenet, OLM v1 does not have the permissions diff --git a/mkdocs.yml b/mkdocs.yml index 7df6b7eba..70bda6d35 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -36,6 +36,7 @@ nav: - Uninstall an Extension: tutorials/uninstall-extension.md - How-To Guides: - Catalog queries: howto/catalog-queries.md + - Configure Global pull secrets: howto/configure-global-pull-secrets.md - Channel-Based Upgrades: howto/how-to-channel-based-upgrades.md - Version Pinning: howto/how-to-pin-version.md - Version Range Upgrades: howto/how-to-version-range-upgrades.md From 405aa504f582a72e4667a4abb80f10a368123b31 Mon Sep 17 00:00:00 2001 From: Anik Bhattacharjee Date: Tue, 29 Oct 2024 18:19:32 +0530 Subject: [PATCH 2/2] render custom tags in doc site --- docs/css/extra.css | 17 ++++++++++++++++- docs/howto/configure-global-pull-secrets.md | 2 ++ docs/overrides/main.html | 14 ++++++++++++++ mkdocs.yml | 1 + 4 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 docs/overrides/main.html diff --git a/docs/css/extra.css b/docs/css/extra.css index 0553b3b97..1076bc85b 100644 --- a/docs/css/extra.css +++ b/docs/css/extra.css 
@@ -7,4 +7,19 @@ .md-nav__item--active > .md-nav__link, /* Active top-level items */ .md-nav__item--nested > .md-nav__link { /* Nested top-level items */ font-weight: bold; -} \ No newline at end of file +} + +.tags-list { + list-style: none; + padding: 0; + } + + .tag { + display: inline-block; + background-color: red; + border-radius: 3px; + padding: 2px 8px; + margin: 2px; + font-size: 0.9em; + color: white; + } diff --git a/docs/howto/configure-global-pull-secrets.md b/docs/howto/configure-global-pull-secrets.md index afa6556dc..2c4622ac6 100644 --- a/docs/howto/configure-global-pull-secrets.md +++ b/docs/howto/configure-global-pull-secrets.md @@ -5,6 +5,8 @@ tags: # Configure global pull secrets for allowing components to pull private images +**Note: The UX for how auth info for using private images is provided is an active work in progress.** + To configure `catalogd` and `operator-controller` to use authentication information for pulling private images (catalog/bundle images etc), the components can be informed about a kubernetes `Secret` object that contains the relevant auth information. The `Secret` must be of type `kubernetes.io/dockerconfigjson`. Once the `Secret` is created, `catalogd` and `operator-controller` needs to be redeployed with an additional field, `--global-pull-secret=/` passed to the respective binaries. diff --git a/docs/overrides/main.html b/docs/overrides/main.html new file mode 100644 index 000000000..e5423ec74 --- /dev/null +++ b/docs/overrides/main.html @@ -0,0 +1,14 @@ +{% extends "base.html" %} + +{% block content %} +
+ {% if page.meta.tags %} +
    + {% for tag in page.meta.tags %} +
  • {{ tag }}
  • + {% endfor %} +
+ {% endif %} +
+{{ super() }} +{% endblock %} diff --git a/mkdocs.yml b/mkdocs.yml index 70bda6d35..2fd96855e 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -4,6 +4,7 @@ site_name: Operator Lifecycle Manager theme: logo: assets/logo.svg name: "material" + custom_dir: docs/overrides palette: primary: black features:
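Review bot: `{{ tag }}` in the loop added to `docs/overrides/main.html` writes each front-matter tag into the page unescaped. MkDocs does not enable Jinja autoescaping for theme templates as far as I know, so markup inside a `tags:` entry would be emitted as HTML. The values come from repository-authored front matter, so the exposure is limited to what gets through docs review, but `{{ tag | e }}` keeps a tag value inert at no cost. The list markup around the loop is not fully visible in this view of the hunk, so the same check should be made on any other place the tag value is interpolated.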