Skip to content
This repository has been archived by the owner on Sep 2, 2024. It is now read-only.

Feat: Login to a private image registry #64

Open
mattfarina opened this issue Jul 1, 2021 · 2 comments
Open

Feat: Login to a private image registry #64

mattfarina opened this issue Jul 1, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

@mattfarina
Copy link

Right now KIM works off docker credentials. But, what if you don't have Docker installed? Can we please have a method to login and logout so there's no need to have Docker installed.
@dweomer dweomer added the enhancement New feature or request label Aug 13, 2021
dweomer added a commit to dweomer/kim that referenced this issue Sep 1, 2021
@dweomer
[feature] implement kim-native credentials
0e9252f 
Introduce `kim builder login` that works very much like `docker login`
but instead stores the resulting Docker `config.json` in a kubernetes
secret in the builder namespace. This secret is rendered to disk in a
temp directory for `build` operations (to satisfy buildkit) but is
leveraged as an in-memory keyring for shipping auth credentials for
`push` / `pull` operations. If the secret setup by the `login` cli
operation does not exist, kim reverts to the existing behavior of
consulting the `${DOCKER_CONFIG}/config.json` for registry credentials.

Addresses rancher#64

Signed-off-by: Jacob Blain Christen <[email protected]>
@dweomer dweomer mentioned this issue Sep 1, 2021
Merged
dweomer added a commit to dweomer/kim that referenced this issue Sep 1, 2021
@dweomer
[feature] implement kim-native credentials
2173381 
Introduce `kim builder login` that works very much like `docker login`
but instead stores the resulting Docker `config.json` in a kubernetes
secret in the builder namespace. This secret is rendered to disk in a
temp directory for `build` operations (to satisfy buildkit) but is
leveraged as an in-memory keyring for shipping auth credentials for
`push` / `pull` operations. If the secret setup by the `login` cli
operation does not exist, kim reverts to the existing behavior of
consulting the `${DOCKER_CONFIG}/config.json` for registry credentials.

Addresses rancher#64

Signed-off-by: Jacob Blain Christen <[email protected]>
dweomer added a commit that referenced this issue Sep 1, 2021
@dweomer
[feature] implement kim-native credentials (#71)
6bc1724 
Introduce `kim builder login` that works very much like `docker login`
but instead stores the resulting Docker `config.json` in a kubernetes
secret in the builder namespace. This secret is rendered to disk in a
temp directory for `build` operations (to satisfy buildkit) but is
leveraged as an in-memory keyring for shipping auth credentials for
`push` / `pull` operations. If the secret setup by the `login` cli
operation does not exist, kim reverts to the existing behavior of
consulting the `${DOCKER_CONFIG}/config.json` for registry credentials.

Addresses #64

Signed-off-by: Jacob Blain Christen <[email protected]>
@dweomer
Copy link
Contributor

dweomer commented Sep 1, 2021
edited
Loading

kim builder login as implemented by #71 should address the primary need. Caveats:

  • currently no support for "logout" operation
  • the "login" operation does not actually assert that the credentials are valid (this is tested at build+push,pull/push time)
  • single set of credentials stored as docker-config-json (no fine-grained management of multiple sets)

@fernferret
Copy link

Found this ticket looking for a way to kim builder logout since I just yammered in junk creds and now docker.io won't let me pull anything due to a 401 (ha).

If anyone else stumbles upon this (before kim builder logout is implemented), the PR above notes that the creds are stored in a secret (duh, I was fumbling around in the kim/buildkit containers) and I was able to perform the logout with:

$ kubectl delete secret -n kube-image kim-docker-config

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mattfarina @fernferret @dweomer