From 361bedc512ced4f60b4e5ad91958468f2674fab9 Mon Sep 17 00:00:00 2001 From: nakabonne Date: Wed, 6 Jan 2021 15:43:21 +0900 Subject: [PATCH] Update docs to go into details on GCR --- .../piped/configuration-reference.md | 8 ++++- .../piped/configuring-image-watcher.md | 34 +++++++++++++++---- .../en/docs/user-guide/image-watcher.md | 8 ++--- 3 files changed, 39 insertions(+), 11 deletions(-) diff --git a/docs/content/en/docs/operator-manual/piped/configuration-reference.md b/docs/content/en/docs/operator-manual/piped/configuration-reference.md index 1420be65e6..f2be6c0fb3 100644 --- a/docs/content/en/docs/operator-manual/piped/configuration-reference.md +++ b/docs/content/en/docs/operator-manual/piped/configuration-reference.md @@ -141,13 +141,19 @@ Must be one of the following structs: | Field | Type | Description | Required | |-|-|-|-| | name | string | The unique name of the analysis provider. | Yes | -| type | string | The provider type. Currently, only ECR is available. | Yes | +| type | string | The provider type. Currently, `GCR` and `ECR` are available. | Yes | | config | [ImageProviderConfig](/docs/operator-manual/piped/configuration-reference/#imageproviderconfig) | Specific configuration for the specified type of image provider. | Yes | ## ImageProviderConfig Must be one of the following structs: +### ImageProviderGCRConfig + +| Field | Type | Description | Required | +|-|-|-|-| +| serviceAccountFile | string | The path to the json file of service account with the required `roles/storage.objectViewer` role. | No | + ### ImageProviderECRConfig | Field | Type | Description | Required | diff --git a/docs/content/en/docs/operator-manual/piped/configuring-image-watcher.md b/docs/content/en/docs/operator-manual/piped/configuring-image-watcher.md index 90ea75de6a..9fd78be93d 100644 --- a/docs/content/en/docs/operator-manual/piped/configuring-image-watcher.md +++ b/docs/content/en/docs/operator-manual/piped/configuring-image-watcher.md @@ -16,12 +16,38 @@ Define arbitrary number of [image providers](/docs/concepts#image-provider) whic It will run a pull operation every 5 minutes by default. This interval can be set in the `imageWatcher` field touch upon later. Also, we plan to provide a FAKE image provider mentioned below to avoid the rate limit. -Currently, PipeCD is supporting only `ECR`. `GCR` and `DOCKERHUB` are on the roadmap. +Currently, PipeCD is supporting: +- [Google Container Registry (GCR)](https://cloud.google.com/container-registry) +- [Amazon Elastic Container Registry (ECR)](https://aws.amazon.com/ecr) + +### GCR +Append the `GCR` image provider to the Piped configuration file as: + +```yaml +apiVersion: pipecd.dev/v1beta1 +kind: Piped +spec: + imageProviders: + - name: my-gcr + type: GCR + config: + serviceAccountFile: /etc/piped-secret/gcr-service-account.json +``` + +For public repositories, no configuration is required. + +If you want to watch private repository, you should set up authentication. +A [service account](https://cloud.google.com/compute/docs/access/service-accounts) is the only authentication way currently available. +You give the path to the json file of service account with the required `roles/storage.objectViewer` role. + +The full list of GCR fields are [here](/docs/operator-manual/piped/configuration-reference/#imageprovidergcrconfig). ### ECR >NOTE: Currently, it supports only ECR private repositories. +Append the `ECR` image provider to the Piped configuration file as: + ```yaml apiVersion: pipecd.dev/v1beta1 kind: Piped @@ -47,10 +73,6 @@ Hence, you don't have to set `credentialsFile` if you use the environment variab The full list of ECR fields are [here](/docs/operator-manual/piped/configuration-reference/#imageproviderecrconfig). -### GCR - ->TBA - ### DockerHub >TBA @@ -94,4 +116,4 @@ spec: git: username: foo email: foo@example.com -``` \ No newline at end of file +``` diff --git a/docs/content/en/docs/user-guide/image-watcher.md b/docs/content/en/docs/user-guide/image-watcher.md index 8f5dc5e10e..d42efb6ce8 100644 --- a/docs/content/en/docs/user-guide/image-watcher.md +++ b/docs/content/en/docs/user-guide/image-watcher.md @@ -6,7 +6,7 @@ description: > Watching container image changes and automatically deploying the new images. --- -Image watcher automatically triggers a new Deployment when a new image tag stored at a container registry is pushed. That is, it frees you from the hassle of manually updating config-repo every time. +Image watcher automatically triggers a new Deployment when a new image tag is pushed to your container registry. The canonical deployment flow with PipeCD is: @@ -14,7 +14,8 @@ The canonical deployment flow with PipeCD is: 1. You update the config-repo manually. It is the User's responsibility to automate these steps to be done in a series of actions, while it is quite a bit of painful. -Image watcher lets you automate this workflow by continuously pushing to your config-repo. +Image watcher lets you automate this workflow by continuously performing `git push` to your config-repo. +That is, it frees you from the hassle of manually updating config-repo every time. ## Prerequisites Before configuring ImageWatcher, all required Image providers must be configured in the Piped Configuration according to [this guide](/docs/operator-manual/piped/configuring-image-watcher/). @@ -24,7 +25,6 @@ Before configuring ImageWatcher, all required Image providers must be configured Prepare ImageWatcher files placed at the `.pipe/` directory at the root of the Git repository. In that files, you define what image should be watched and what file should be updated. - ```yaml apiVersion: pipecd.dev/v1beta1 kind: ImageWatcher @@ -36,7 +36,7 @@ spec: field: $.spec.template.spec.containers[0].image ``` -Image watcher periodically compares the latest tag of the following images: +Image watcher periodically compares the latest tag of the following two images: - a given `image` in a given `provider` - an image defined at a given `field` in a given `filePath`