Skip to content

feat: make ADC the default option for GCP authentication when using go-containerregistry #9456

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
renzodavid9 merged 1 commit into from
Jul 2, 2024
Merged

feat: make ADC the default option for GCP authentication when using go-containerregistry #9456

renzodavid9 merged 1 commit into from
Jul 2, 2024

Conversation

@renzodavid9
Copy link
Contributor

@renzodavid9 renzodavid9 commented Jun 28, 2024
edited
Loading

Related with:

Description
This is to remove the dependency with gcloud CLI when interacting with a private Google Registry using the go-containerregistry libray. Changing the implementation of Skaffold's Keychain to first check if it can get the access token through Application Default Credentials, if not possible then it will fallback to use gcloud CLI.

I tried to use the google.Keychain authenticator, but it will first check if the registry is a known Google registry, if not it will fail. This will be breaking a case where users have a custom domain pointing to a Google Registry and configured in their .docker/config.json:

{
  "credHelpers": {
    "mydomain.com": "gcloud" # <- mydomain.com pointing to AR
  },
}

Looks like that case is possible according to https://cloud.google.com/blog/topics/developers-practitioners/hack-your-own-custom-domains-container-registry

Also extending logic to detect known Google Registries (so they don't need to be configured in .docker/config.json)

Follow-up Work (remove if N/A)
We're still missing more places to remove the gcloud dependency. More coming.

@renzodavid9 renzodavid9 added kokoro:force-run forces a kokoro re-run on a PR labels Jun 28, 2024
@kokoro-team kokoro-team removed the kokoro:force-run forces a kokoro re-run on a PR label Jun 28, 2024
@renzodavid9 renzodavid9 marked this pull request as ready for review June 28, 2024 21:32
@renzodavid9 renzodavid9 requested a review from ericzzzzzzz June 28, 2024 21:32
@renzodavid9 renzodavid9 merged commit e976e81 into GoogleContainerTools:main Jul 2, 2024
@renzodavid9 renzodavid9 mentioned this pull request Sep 11, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@ericzzzzzzz ericzzzzzzz ericzzzzzzz approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@renzodavid9 @ericzzzzzzz @kokoro-team