Add registry-config option

[squidboylan]

The new registry-config option when used alone looks up the default
podman and docker registry config files and mounts them in the kind
container if they exist. Optionally a user can pass a specific file to
the flag to specify a custom path to mount as the registry config.

[squidboylan]

This is an attempt to simplify #393 , if we would prefer not to have this in the cli I can close this and document the custom kind config solution to #393

[cmoulliard]

I like a lot this PR as it avoids for the user to hack the kind cfg file :-)

[nabuskey]

As we expose more and more kind config through CLI flags that directly corresponds to kind configurations and CLI flags, are we making it easier for people to use this tool? I think when we add flags, we should add a bit more value than exposing kind configuration options.
Since this functionality is already available by providing a kind config file, I think we should add more value by making it easy to mount registry credentials specifically because it's a very common use case.

Thinking about how the problem of credentials mounting is solved, if we expose kind config flag directly this is what that looks like:

idpbuilder create --extraMountsUsage /registry/config.json:/var/lib/kubelet/config.json

Do we want users to enter this every time? We can guess where registry configurations are located because docker and podman store them in $XDG_RUNTIME_DIR/containers/auth.json.

To me, it makes more sense to provide a boolean flag indicating if the user wants to mount registry credentials and we do the rest.

[cmoulliard]

As we expose more and more kind config through CLI flags that directly corresponds to kind configurations and CLI flags, are we making it easier for people to use this tool? I think when we add flags, we should add a bit more value than exposing kind configuration options.

This is a fair point you reported here as yoou ask finally the question "What should be the boundary between what we propose as CLI flags/parameters vs passing such information using kind config file vs something else that users could use to override parameters. Such a something else could be: env variable, idpbuilder yaml config file, etc

Why this is not the purpose of this ticket, it is nevertheless important that we keep in mind such an aspect and that we review what we did or will in a separate ticket to edict rules about that. WDYT ? @nabuskey

[cmoulliard]

To me, it makes more sense to provide a boolean flag indicating if the user wants to mount registry credentials and we do the rest.

As the ultimate goal is to mount the credentials of the user, then having a flag pointing to the config.json or auth.json file (docker vs podman) is probably more appropriate

[blakeromano]

As we expose more and more kind config through CLI flags that directly corresponds to kind configurations and CLI flags, are we making it easier for people to use this tool? I think when we add flags, we should add a bit more value than exposing kind configuration options.

I am 100% in agreement here

[squidboylan]

To me, it makes more sense to provide a boolean flag indicating if the user wants to mount registry credentials and we do the rest.

As the ultimate goal is to mount the credentials of the user, then having a flag pointing to the config.json or auth.json file (docker vs podman) is probably more appropriate

Yeah I was trying to take an approach somewhat between the two last night where we could have a --registry-config that optionally takes a path to a registry config but by default looks for the $XDG_RUNTIME_DIR/containers/auth.json file and if it doesnt find it then looks for the ~/.docker/config.json file but cobra doesn't really provide a great way to do this. I'll put something up later today, either a hacky solution around what I'm describing or one of the two suggestions above.

[squidboylan]

This is kinda hacky but seems reasonable to me. The flag can be used the following ways:

1. If it is not used no registry config is mounted
2. If it is passed on its own (--registry-config) it checks for the default podman and docker registry config paths and uses them if they exist (podman has precedence)
3. If it is passed with a specific file it uses that if it exists (--registry-config="/home/foo/registry/config.json")

It is a little weird that this can take multiple --registry-config flags to specify multiple options but it doesnt seem like a deal breaker (and it makes implementation and understanding how this works a bit easier).

[nabuskey]

The overall approach looks great to me. Thank you so much for this. Please take a look at my comments.

[squidboylan]

I think my latest change addresses all of the comments. Let me know if it looks good, I also squashed the history and updated the PR to reflect the current state of this change.

[nabuskey]

Do you think it's a good idea to fail here? We think the user's intention was to mount registry configuration, but it does not exist. If we do not fail, the cluster is created with configuration that does not match what the user wanted it to be. So it might be a better idea to fail early and ask the user for a valid configuration.

[squidboylan]

Yeah I think that's a good idea, i threw a os.Exit(1) in that block

[nabuskey]

I think it's better to return an error and let the error cascade out to cobra to have an unified experience for users. Right now all fatal errors go out like that.

[squidboylan]

Yep that makes way more sense, pushed that change now

[nabuskey]

/e2e