Update new parameters in README

Flaconi · Jan 7, 2022 · 57b7319 · 57b7319
1 parent a6cb30c
commit 57b7319
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -104,6 +104,7 @@ Additional variables that can be used (either as `host_vars`/`group_vars` or via
 | `kops_default_build_directory`               | `build`        | Template generation directory |
 | `kops_default_aws_account_limit`             | `[]`           | Limit generated cluster shell scripts to only run for the specified accounts to prevent accidental roll-out in wrong environment. |
 | `kops_default_aws_iam_authenticator_enabled` | `false`        | Enable AWS IAM authenticator |
+| `kops_default_dockerconfig` | `[`<br/>`url:'https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull',`<br/>`timeout: 5,`<br/>`user: 'user',`<br/>`token: 'token'`<br/>`]`| Define a sample dockerconfig then create it in secret, please notice that user and token are sample values here, please create `kops_dockerconfig_creds` to overwrite it|
 
 ## Example definition
 
@@ -230,6 +231,13 @@ kops_cluster:
       kms_id: "12345678-9abc-defg-hijk-000000000001"
 ```
 
+ Credentials for login dockerhub registry in your vault, there is a task to verify your account. If this user is invalid, the task will fail on verification. If you don't need secret/dockerconfig anymore, you have to remove `kops_dockerconfig_creds` from your vault.
+```yml
+kops_dockerconfig_creds:
+  user: 'USER'
+  token: 'TOKEN'
+```
+
 
 ## Testing
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -119,7 +119,7 @@ kops_default_kubeScheduler:
 ### Verify dockerconfig via get ratelimited
 ### https://docs.docker.com/docker-hub/download-rate-limit/#how-can-i-check-my-current-rate
 ###
-kops_default_dockerconfig_creds:
+kops_default_dockerconfig:
   url: 'https://auth.docker.io/token?service=registry.docker.io&scope=repository:ratelimitpreview/test:pull'
   timeout: 5
   user: 'user'

diff --git a/tasks/asserts.yml b/tasks/asserts.yml
@@ -150,7 +150,7 @@
       {%- if kops_dockerconfig_creds is defined -%}
       {{ kops_dockerconfig_creds }}
       {%- else -%}
-      {{ kops_default_dockerconfig_creds }}
+      {{ kops_default_dockerconfig }}
       {%- endif -%}
 
 - name: "({{ cluster.name }}) ensure kubelet.anonymousAuth is boolean"

diff --git a/tasks/generate_templates.yml b/tasks/generate_templates.yml
@@ -18,11 +18,11 @@
 
 - name: "({{ cluster.name }}) verify kops_dockerconfig_creds for dockerhub"
   uri:
-    url: "{{ kops_dockerconfig_creds.url | default(kops_default_dockerconfig_creds.url )}}"
+    url: "{{ kops_dockerconfig_creds.url | default(kops_default_dockerconfig.url )}}"
     user: "{{ kops_dockerconfig_creds.user }}"
     password: "{{ kops_dockerconfig_creds.token }}"
     force_basic_auth: true
-    timeout: "{{ kops_dockerconfig_creds.timeout | default(kops_default_dockerconfig_creds.timeout )}}"
+    timeout: "{{ kops_dockerconfig_creds.timeout | default(kops_default_dockerconfig.timeout )}}"
   register: _kops_dockerconfig_login
   failed_when: "'token' not in _kops_dockerconfig_login.json"
   when: >