Merge pull request #674 from anmazzotti/0-16_fix_private_registry_token

anmazzotti · web-flow · commit da1a1a383131 · 2025-06-05T09:32:02.000+02:00
[0.16] Fix private registry token authentication
diff --git a/docs/book/src/02_topics/04_embedded-registry.md b/docs/book/src/02_topics/04_embedded-registry.md
@@ -1,10 +1,12 @@
 # Configuring Embedded Registry in RKE2
 
 ## Overview
+
 RKE2 allows users to enable an **embedded registry** on control plane nodes. When the `embeddedRegistry` option is set to `true` in the `serverConfig`, users can configure the registry using the `PrivateRegistriesConfig` field.
 The process follows [RKE2 docs](https://docs.rke2.io/install/registry_mirror).
 
 ## Enabling Embedded Registry
+
 To enable the embedded registry, set the `embeddedRegistry` field to `true` in the `serverConfig` section of the `RKE2ControlPlane` configuration:
 
 ```yaml
@@ -18,6 +20,7 @@ spec:
 ```
 
 ## Configuring Private Registries
+
 Once the embedded registry is enabled, you can configure private registries using the `PrivateRegistriesConfig` field in `RKE2ConfigSpec`. This field allows you to define registry mirrors, authentication, and TLS settings.
 
 Example:
@@ -38,14 +41,25 @@ spec:
       "myregistry.example.com":
         authSecret:
           name: my-registry-secret
+          namespace: my-secrets-namespace
         tls:
           tlsConfigSecret:
             name: my-registry-tls-secret
+            namespace: my-secrets-namespace
           insecureSkipVerify: false
 ```
 
 ## TLS Secret Format
+
 When configuring the `tlsConfigSecret`, ensure the secret contains the following keys:
+
 - **`ca.crt`** – CA certificate
 - **`tls.key`** – TLS private key
-- **`tls.crt`** – TLS certificate
+- **`tls.crt`** – TLS certificate
+
+## Auth Secret Format
+
+When configuring the `authSecret`, ensure the secret contains the following keys:
+
+- **`username` and `password`** - When using Basic Auth credentials
+- **`identity-token`** - When using a personal access token
diff --git a/pkg/rke2/registries_types.go b/pkg/rke2/registries_types.go
@@ -49,7 +49,7 @@ type AuthConfig struct {
 	Auth string `json:"auth,omitempty" toml:"auth" yaml:"auth,omitempty"`
 	// IdentityToken is used to authenticate the user and get
 	// an access token for the registry.
-	IdentityToken string `json:"identity_token,omitempty" toml:"identitytoken" yaml:"identity_token,omitempty"`
+	IdentityToken string `json:"token,omitempty" toml:"token" yaml:"token,omitempty"`
 }
 
 // TLSConfig contains the CA/Cert/Key used for a registry.

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ type AuthConfig struct {`
`49`	`49`	Auth string `json:"auth,omitempty" toml:"auth" yaml:"auth,omitempty"`
`50`	`50`	`// IdentityToken is used to authenticate the user and get`
`51`	`51`	`// an access token for the registry.`
`52`		- IdentityToken string `json:"identity_token,omitempty" toml:"identitytoken" yaml:"identity_token,omitempty"`
	`52`	+ IdentityToken string `json:"token,omitempty" toml:"token" yaml:"token,omitempty"`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`// TLSConfig contains the CA/Cert/Key used for a registry.`