Problem: Previously all of Kubernetes' image hosting has been out of gcr.io. There were significant egress costs associated with this when images were pulled from entities outside gcp. Refer to https://github.com/kubernetes/k8s.io/wiki/New-Registry-url-for-Kubernetes-(registry.k8s.io)
Solution: As highlighted at KubeCon NA 2022 k8s infra SIG update, the replacement for k8s.gcr.io which is registry.k8s.io is now ready for mainstream use and the old k8s.gcr.io has been formally deprecated and projects are requested to migrate off it. This commit migrates remaining references for kubernetes/git-sync to registry.k8s.io.
Signed-off-by: James Blair <mail@jamesblair.net>

It specifies an HTTP URL which will return username&password which will
be used to authenticate access to the git repo.
This is mainly used for git repos that accept a dynamic password (for example
oauth bare token). Because the dynamic password might expire very soon,
it's added to the main syncRepo loop.
A typical use case is working with a sidecar called gce-node-auth on GKE;
it uses the GCE service account's oauth token as password to access
Cloud Source Repo.
Please see the repo below for how it worked.
https://github.com/cydu-cloud/gce-node-auth/blob/master/git-sync-with-gce-node-auth.yaml

* Create a git-sync user to run as, with an entry in /etc/passwd and
writable homedir
* Remove our own validation of key perms - let SSH do that.
* Update docs,

Add an option to specify a git http cookie file in the k8s yaml
that will be configured as the global git cookie file in the git-sync
client.
This is a useful access mechanism for some hosted repositories
where SSH and passwords are not easily available, such as Google Cloud
Source Repositories.