From 6a8369f3b104750e17c5f1b12377fc8ecb7142f1 Mon Sep 17 00:00:00 2001
From: Soule BA <soule@weave.works>
Date: Mon, 4 Jul 2022 17:28:31 +0200
Subject: [PATCH] Add docker-registry secrets to OCI doc

A new statement is added to specify that docker-registry secrets are
accepted by OCI Helm repositories.

Signed-off-by: Soule BA <soule@weave.works>
---
 docs/spec/v1beta2/helmrepositories.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/docs/spec/v1beta2/helmrepositories.md b/docs/spec/v1beta2/helmrepositories.md
index 29a3832c..15db55b3 100644
--- a/docs/spec/v1beta2/helmrepositories.md
+++ b/docs/spec/v1beta2/helmrepositories.md
@@ -368,7 +368,7 @@ metadata:
   namespace: default
 spec:
   interval: 5m0s
-  url: oci://ghcr.io/stefanprodan/charts
+  url: oci://ghcr.io/my-user/my-private-repo
   type: "oci"
   secretRef:
     name: oci-creds
@@ -383,6 +383,17 @@ stringData:
   password: 123456
 ```
 
+For OCI Helm repositories, Kubernetes secrets of type [kubernetes.io/dockerconfigjson](https://kubernetes.io/docs/concepts/configuration/secret/#secret-types) are also supported.
+It is possible to create one such secret with `kubectl create secret docker-registry`
+or using the Flux CLI:
+
+```yaml
+flux create secret oci ghcr-auth \
+  --url=ghcr.io \
+  --username=flux \
+  --password=${GITHUB_PAT}
+```
+
 #### TLS authentication
 
 **Note:** TLS authentication is not yet supported by OCI Helm repositories.