Comments (5)
rashedkvm
commented on June 8, 2024
1
- azurecr.io is a public registry and should not require users to set either of these flags
CACertPaths,VerifyCerts, orInsecure. The issue could be related to firewall settings, CORS policy, etc. - As per our team discussion, our goal is only to support TLS connections. For TLS connection to registries with client cert(mTLS) or cert issued by private certificate authorities, we will need additional flag(s) in the apps CLI plugin. Love to get design input regarding the new flag(s).
@danfein ^^
from apps-cli-plugin.
cpage-pivotal
commented on June 8, 2024
We will also need support for Insecure. As @rashedkvm notes, firewall/CORS settings are preventing secure access to public signed registries like azurecr.io, and the developer teams that want to use this capability do not have privileges to override this.
from apps-cli-plugin.
atmandhol
commented on June 8, 2024
@danfein Can we get Design recco for a CA Certs Path flag that can be used multiple times?
from apps-cli-plugin.
danfein
commented on June 8, 2024
Recommendation
--registry-ca-cert
--registry-ca-cert string file path to CA certificate used to authenticate with registry. Flag may be used multiple times
Thinking
registry - included to differentiate this ca cert from other ca certs that may need to be used by other parts of the system.
ca - included to differentiate it from a registry client cert which may also be needed --registry-client-cert
Also considered
--registry-cert - if there was only one cert type would have been a shorter option.
from apps-cli-plugin.
danfein
commented on June 8, 2024
Recommended flags for additional registry configuration
tanzu apps workload create -h
...
--registry-ca-cert string file path to CA certificate used to authenticate with registry.Flag may be used multiple times
--registry-username string username for authenticating with registry
--registry-password string password for authenticating with registry
--registry-token string token for authenticating with registry
from apps-cli-plugin.
Related Issues (20)
- Publish the Apps CLI plugin release as OCI artifact stored in ghcr
- Create combined coverage report for unit and integration tests
- Add --output flag in `clustersupplychain list/get` HOT 1
- Stern latest version (v1.24.0) introduced bugs in Apps Plugin
- `tanzu apps lsp health` for reporting health of the local source registry proxy
- remove `tanzu apps workload update`
- lsp health check error message formatting HOT 1
- `apply` command throws panic error when switching from `--image` source to `--local-path`
- `apply` command doesn't handle switching from `git` to `local-path`
- `apply` doesn't remove the `LSP` workload annotation when switching from `--local-source` to `--git*`
- Workload create/apply lacks validation to prevent inclusion of multiple source types
- workload create/apply includes triplet reference to "error" in output when there's an issue with LSP
- apply/create - `local-source-proxy.apps.tanzu.vmware.com` isn't being removed when included in workload.yaml AND `--source-image` flag/value is included HOT 1
- subpath is being removed when updating lsp or source image workload from file
- Workload create/apply using a workload yaml file lacks validation to prevent inclusion of multiple source types HOT 1
- tail feature does not work with Dockerfile builds
- Make it possible to force an unchanged workload to re-run through the supply chain HOT 2
- Deprecate `create`
- Add `-A` as shorthand for `--all` in `tanzu apps workload delete`
- tail seems to fail if workload name includes `.` char
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apps-cli-plugin.