Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to disable node identity #49

Merged

Conversation

vpnachev
Copy link
Member

@vpnachev vpnachev commented Nov 7, 2023

What this PR does / why we need it:
Lakom application now have a new flag --use-only-image-pull-secrets that can be used to let it use only the image pull secrets from the pod.

Lakom extension controller has a configuration option useOnlyImagePullSecrets which respectively controls the --use-only-image-pull-secrets flag.

Which issue(s) this PR fixes:
Fixes #13

Special notes for your reviewer:

Release note:

Lakom application now can be configured via the flag `--use-only-image-pull-secrets` to use only image pull secrets of the pod to authenticate against the OCI registry, i.e. it will not use the node identity or default docker configuration when the flag is set to `true`.
Lakom extension controller now has a configuration option `controllers.useOnlyImagePullSecrets` which controls the value of the lakom flag `--use-only-image-pull-secrets`.

@vpnachev vpnachev requested a review from a team as a code owner November 7, 2023 15:57
@gardener-robot gardener-robot added needs/review Needs review kind/api-change API change with impact on API users needs/second-opinion Needs second review by someone else size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) labels Nov 7, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 7, 2023
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Nov 7, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels Nov 7, 2023
Copy link
Member

@dimityrmirchev dimityrmirchev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review needs/second-opinion Needs second review by someone else labels Nov 8, 2023
@gardener-robot-ci-3 gardener-robot-ci-3 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label Nov 8, 2023
@vpnachev vpnachev merged commit ea6e70e into gardener:main Nov 8, 2023
1 check passed
@vpnachev vpnachev deleted the enh/add-option-to-disable-node-identity branch November 8, 2023 07:53
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label Nov 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/api-change API change with impact on API users needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) reviewed/lgtm Has approval for merging reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) size/m Size of pull request is medium (see gardener-robot robot/bots/size.py) status/closed Issue is closed (either delivered or triaged)
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add option to disable node identity based authentication to OCI registry
5 participants