Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify ECR Auto-login note, fix CanonicalImageName typos #219

Merged
merged 1 commit into from
Jan 31, 2022
Merged

Clarify ECR Auto-login note, fix CanonicalImageName typos #219

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/spec/v1alpha2/imagerepositories.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ type ImageRepositoryStatus struct {
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`

// CannonicalName is the name of the image repository with all the
// CanonicalImageName is the name of the image repository with all the
// implied bits made explicit; e.g., `docker.io/library/alpine`
// rather than `alpine`.
// +optional
Expand Down
14 changes: 12 additions & 2 deletions docs/spec/v1beta1/imagerepositories.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,14 @@ the flag is `--gcp-autologin-for-gcr`.
For [<abbr title="Azure Kubernetes Service">AKS</abbr>][AKS] and [<abbr title="Azure Container Registry">ACR</abbr>][ACR],
the flag is `--azure-autologin-for-acr`.

These flags can be added by including a patch in the `kustomization.yaml` overlay file in your `flux-system`,
as described in [cloud providers authentication guide][]. If there is no need for a security boundary on your
cluster around container registries and you are not using Flux with so-called "soft multi-tenancy", then
you will likely prefer to use the Auto-Login feature for the convenience and improved ease of use.

Alternatively, the advice to use a cron job to refresh a secret token under [Other platforms][other platforms]
below will also work with ECR, GCR, and ACR environments that require security boundaries and soft multi-tenancy.

#### Other platforms

If you are running on another platform that links service permissions to service accounts, you will
Expand Down Expand Up @@ -195,7 +203,7 @@ type ImageRepositoryStatus struct {
// +optional
ObservedGeneration int64 `json:"observedGeneration,omitempty"`

// CannonicalName is the name of the image repository with all the
// CanonicalImageName is the name of the image repository with all the
// implied bits made explicit; e.g., `docker.io/library/alpine`
// rather than `alpine`.
// +optional
Expand All @@ -209,7 +217,7 @@ type ImageRepositoryStatus struct {
}
```

The `CanonicalName` field gives the fully expanded image name, filling in any parts left implicit in
The `CanonicalImageName` field gives the fully expanded image name, filling in any parts left implicit in
the spec. For instance, `alpine` expands to `docker.io/library/alpine`.

The `LastScanResult` field gives a summary of the most recent scan:
Expand Down Expand Up @@ -270,3 +278,5 @@ and reference it under `secretRef`.
[GCR]: https://cloud.google.com/container-registry/docs/overview
[AKS]: https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes
[ACR]: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-intro
[cloud providers authentication guide]: https://fluxcd.io/docs/guides/image-update/#imagerepository-cloud-providers-authentication
[other platforms]: https://fluxcd.io/docs/components/image/imagerepositories/#other-platforms