From 51189bdc486a3aee9679ac5b6f512512ce18d81b Mon Sep 17 00:00:00 2001
From: Simon Emms
Date: Thu, 4 Aug 2022 10:42:11 +0000
Subject: [PATCH] [kots]: only add to base image allow list in airgapped mode
---
 install/kots/manifests/gitpod-installer-job.yaml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/install/kots/manifests/gitpod-installer-job.yaml b/install/kots/manifests/gitpod-installer-job.yaml
index bad00875199c1a..b548a98823182f 100644
--- a/install/kots/manifests/gitpod-installer-job.yaml
+++ b/install/kots/manifests/gitpod-installer-job.yaml
@@ -144,20 +144,21 @@ spec:
 if [ '{{repl HasLocalRegistry }}' = "true" ]; then
- echo "Gitpod: configuring mirrored container registry"
+ echo "Gitpod: configuring mirrored container registry for airgapped installation"
 yq e -i ".repository = \"{{repl LocalRegistryAddress }}\"" "${CONFIG_FILE}"
 yq e -i ".imagePullSecrets[0].kind = \"secret\"" "${CONFIG_FILE}"
 yq e -i ".imagePullSecrets[0].name = \"{{repl ImagePullSecretName }}\"" "${CONFIG_FILE}"
 yq e -i '.dropImageRepo = true' "${CONFIG_FILE}"
+
+ # Add the registry to the server allowlist - keep docker.io in case it's just using the mirrored registry functionality without being airgapped
+ yq e -i ".containerRegistry.privateBaseImageAllowList += \"{{repl LocalRegistryHost }}\"" "${CONFIG_FILE}"
+ yq e -i ".containerRegistry.privateBaseImageAllowList += \"docker.io\"" "${CONFIG_FILE}"
 fi
 # Output the local registry secret - this is proxy.replicated.com if user hasn't set their own
 echo "{{repl LocalRegistryImagePullSecret }}" | base64 -d > /tmp/kotsregistry.json
- # Add the registries to the server allowlist
- yq e -i ".containerRegistry.privateBaseImageAllowList += $(cat /tmp/kotsregistry.json | jq '.auths' | jq -rc 'keys')" "${CONFIG_FILE}"
-
 if [ '{{repl ConfigOptionEquals "reg_incluster" "0" }}' = "true" ]; then
 echo "Gitpod: configuring external container registry"
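Review bot: The two added appends in the `HasLocalRegistry` branch pass a bare string to `+=`, which extends the list only if `.containerRegistry.privateBaseImageAllowList` is already a sequence at that point. The config generation is outside the hunk, so this is unverified, but if the key is missing or null yq would likely store a scalar, and the second append would then concatenate `docker.io` onto the registry host instead of adding an entry. The removed line appended a JSON array, so wrapping each value keeps that behaviour: `yq e -i ".containerRegistry.privateBaseImageAllowList += [\"{{repl LocalRegistryHost }}\"]" "${CONFIG_FILE}"`, and likewise `+= [\"docker.io\"]`. Because this list appears to act as a registry trust boundary, the comment should also say that the guard is `HasLocalRegistry` rather than an airgap check: the new log line says "airgapped installation", yet `docker.io` stays allowed in both cases. The surrounding script continues outside the hunk.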