Skip to content

Commit

Permalink
doc: adds expectations with regards to pulling using OCI
Browse files Browse the repository at this point in the history
this commit adds a new section to the adr on oci pulls where we lay down
the expectations when it comes to pulling artifacts through oci.

such expectations are written as an example workflow of what should be
supported.

Signed-off-by: Ricardo Maraschini <[email protected]>
  • Loading branch information
ricardomaraschini committed Dec 3, 2024
1 parent 5007022 commit 078e4b1
Showing 1 changed file with 33 additions and 0 deletions.
33 changes: 33 additions & 0 deletions docs/architecture/adr-001-autopilot-oci-basic-auth-support.md
Original file line number Diff line number Diff line change
Expand Up @@ -110,6 +110,39 @@ secretRef:
name: artifacts-token-based-auth
```
#### Expected workflow
This feature supports pulling both the k0s binary and the k0s air-gap bundle.
Each repository tag should host only one artifact. To remotely host an artifact
and later retrieve it using this feature, the following command is sufficient:
```

Check failure on line 119 in docs/architecture/adr-001-autopilot-oci-basic-auth-support.md

View workflow job for this annotation

GitHub Actions / Lint markdown

Fenced code blocks should have a language specified [Context: "```"]
oras push <registry-address>/<namespace>/<repository>:<tag> <artifact path>
```

For example, to push the k0s binary and its corresponding airgap bundle, use
the following commands:

```

Check failure on line 126 in docs/architecture/adr-001-autopilot-oci-basic-auth-support.md

View workflow job for this annotation

GitHub Actions / Lint markdown

Fenced code blocks should have a language specified [Context: "```"]
# pushing the k0s binary.
oras push registry.company.com/k0s/binary:v1.31.1 k0s
# pushing the k0s airgap bundle.
oras push registry.company.com/k0s/bundle:v1.31.1 k0s-airgap-bundle
```

Once the artifacts are hosted in the OCI registry, the following configuration
is sufficient to enable the pull through OCI:

```yaml
url: oci://registry.company.com/k0s/binary:v1.31.1
sha256: <sha-for-the-binary>
secretRef:
# if auth is required to pull the artifact.
namespace: kube-system
name: artifacts-registry
```
### Secrets Layout
The following standard Kubernetes secret types are supported:
Expand Down

0 comments on commit 078e4b1

Please sign in to comment.