Open steakunderscore opened 5 years ago
Hi @steakunderscore, thanks for filing the issue. Would you be interested in driving the fix? Happy to review the PR and discuss any questions that might come up.
Hi @aysylu, sure thing. I should have time to get to this coming week. I was looking at how crane works in the same regard. I think I'll use it as inspiration.
@steakunderscore perfect, looking forward to your contribution! Could you please clarify which part of crane
you're specifically interested in adopting?
I was specifically thinking about crane digest
which does almost exactly what resolve-tags
does, however seems to try using the ~/.docker/config
before falling back to unauthenticated access to the registry. Should be a couple of lines of code changed, plus some better docs.
Do you guys know a work around for this? I'm working on implementing Kritis/BinAuthz in GCP and w/out this tool it makes things a lot more difficult (Having the same problem)
I stumbled across this recently when trying to get the plugin to work using a private registry. According to the docs for the authn package in go-containerregistry it should be pretty simple, but y'know, famous last words.
I'll be poking about this week to see if I can get it working
That would be great! @andyroyle
Expected Behaviour
I have an image in a private registry
gcr.io/some-project/foo:v1.0.0
, how can I getresolve-tags
to resolve the image tag to digest?There's reference to this issue in docs/tutorial.md. But it has been left as a TODO.
Actual Behavior
Currently trying to call
resolve-tags
with a k8s config including the provate image fails giving the error:Steps to Reproduce the Problem
Where
gcr.io/private-project/foo:v1.0.0
is an image in a registry which is private.cat /tmp/test.yaml
make ./out/resolve-tags
./out/resolve-tags -f /tmp/test.yaml
Additional info
Note that I have replaced my actual project and image name.