Support custom image from `hub.docker.com/u/saferwall`
Closed this issue · 4 comments
I want to pull an image from https://hub.docker.com/u/saferwall, then customize the image and upload it to gcr.io.
I have uploaded it to the GCP Container Registry but can't find the config value to change the default flow from pulling images from hub.docker.com to gcr.io.
So how can I change that config?
Have you tried enabling `privateRegistryServer` in `values.yaml`?

```yaml
global:
  # email used to generate let's encrypt ssl cert.
  email: admin@mysaferwall.com
  # set to true when using a private docker registry.
  privateRegistryServer:
    enabled: false  # << set this one to true, and set token to the token used to authenticate to gcr.io
    token: ""
```

When the private registry is enabled, the `secret.yaml` creates a secret with the name of `regcred` of type `kubernetes.io/dockerconfigjson` that contains the token:
```yaml
{{ if eq .Values.global.privateRegistryServer.enabled true }}
apiVersion: v1
kind: Secret
metadata:
  name: regcred
data:
  .dockerconfigjson: {{ include "saferwall.private-registry.token" . | b64enc }}
type: kubernetes.io/dockerconfigjson
{{- end }}
```
And this is later used in every deployment to pull images from private registries:
```yaml
{{ if eq $root.Values.global.privateRegistryServer.enabled true }}
imagePullSecrets:
  - name: regcred
{{- end }}
```
And Google has a different JSON key schema:
```json
{
  "type": "service_account",
  "project_id": "lian-empty-project",
  "private_key_id": "abcd1234efgh",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATEKEY\n-----END PRIVATE KEY-----\n",
  "client_email": "pull-images-from-registry@lian-empty-project.iam.gserviceaccount.com",
  "client_id": "1234567",
  "auth_uri": "https://accounts.google.com/o/oauth3/auth",
  "token_uri": "https://accounts.google.com/o/oauth3/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth3/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/pull-images-from-registry%40lian-empty-project.iam.gserviceaccount.com"
}
```
```yaml
{{/*
Create the docker private registry server token.
*/}}
{{- define "saferwall.private-registry.token" -}}
{{- if .Values.global.privateRegistryServer.enabled -}}
{{- /* << you should edit this one according to the key schema */ -}}
{{ printf "{\"auths\":{\"https://index.docker.io/v1/\":{\"auth\":\"%s\"}}}" .Values.global.privateRegistryServer.token }}
{{- end -}}
{{- end -}}
```
Let's say you want to use a custom image for the multi-av avast:
```yaml
multiav:
  enabled: true
  name: multiav
  vendors:
    avast:
      enabled: false
      replicas: 1
      containerPort: 50051
      image:
        repository: saferwall/goavast  # << <org/repo>
        tag: latest
        pullPolicy: Always
```
Yep, I will try it. I have a question about the password for downloading file samples in the UI. I read saferwall/saferwall-api and found the download password in /saferwall-api/internal/file/service.go.
It is hardcoded; I want to change it to my own secret when deploying the saferwall-api repo. Can I do it?
Please support me!
You can't now, but I can easily change that; I will externalize the password so that it can be configurable.
This has been fixed now to easily use any private docker registry container.
In the global helm values.yaml:
```yaml
global:
  # set to true when using a private docker registry.
  privateRegistryServer:
    enabled: true
    imageCredentials:
      registry: quay.io
      username: mr-robot
      password: its-not-real
```
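
An added example (not from the thread and not the chart's own template): it builds the `.dockerconfigjson` payload a `regcred` pull secret needs from a registry, username and password, and checks why the original helper's hardcoded `https://index.docker.io/v1/` entry cannot serve gcr.io. The function names are hypothetical, the key material is a constructed placeholder, and `_json_key` is the username Google documents for logging in with a service account JSON key.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"

def b64(text):
    return base64.b64encode(text.encode()).decode()

def docker_config(registry, username, password):
    """JSON document that is stored, base64-encoded, under .dockerconfigjson."""
    entry = {"username": username, "password": password,
             "auth": b64(f"{username}:{password}")}
    return json.dumps({"auths": {registry: entry}})

def pull_secret(name, config_json):
    """Secret manifest (as a dict) wrapping a docker config document."""
    return {"apiVersion": "v1", "kind": "Secret", "type": SECRET_TYPE,
            "metadata": {"name": name},
            "data": {".dockerconfigjson": b64(config_json)}}

def check_pull_secret(manifest, registry):
    """Return the reasons this secret cannot authenticate pulls from registry."""
    problems = []
    if manifest.get("type") != SECRET_TYPE:
        problems.append("wrong secret type")
    try:
        raw = base64.b64decode(manifest["data"][".dockerconfigjson"], validate=True)
        entry = json.loads(raw)["auths"].get(registry)
    except (KeyError, TypeError, ValueError, AttributeError):
        return problems + ["unreadable .dockerconfigjson"]
    if entry is None:
        return problems + [f"no auth entry for {registry}"]
    try:
        decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except ValueError:
        decoded = ""
    user, _, secret = decoded.partition(":")
    if not user or not secret:
        problems.append("auth is not base64(username:password)")
    return problems

# Constructed sample inputs: a placeholder service account key, not a real one.
GCR_KEY = json.dumps({"type": "service_account", "private_key": "PLACEHOLDER"})
gcr = pull_secret("regcred", docker_config("gcr.io", "_json_key", GCR_KEY))
# Shape rendered by the original helper when the raw JSON key is used as the token.
legacy = pull_secret("regcred", json.dumps(
    {"auths": {"https://index.docker.io/v1/": {"auth": GCR_KEY}}}))

if __name__ == "__main__":
    print(check_pull_secret(gcr, "gcr.io"))
    print(check_pull_secret(legacy, "gcr.io"))
    print(check_pull_secret(legacy, "https://index.docker.io/v1/"))
```

The `data` field of a Secret is only base64-encoded, so the registry password or JSON key is readable by anyone who can read secrets in the namespace; scope RBAC and the service account's registry permissions accordingly.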