Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

doc : When using a Maven master password you should configure helmsecurity #2646

Merged
merged 1 commit into from
Feb 12, 2024
Merged

doc : When using a Maven master password you should configure helmsecurity #2646

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions jkube-kit/doc/src/main/asciidoc/inc/helm/_jkube_helm.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,6 +166,12 @@ Defaults to empty string.
| The Helm chart file extension (`tgz`, `tar.bz`, `tar.bzip2`, `tar.bz2`), default value is `tar.gz` if not provided.
| `jkube.helm.chartExtension`

ifeval::["{plugin-type}" == "maven"]
| *security*
| The Maven security dispatcher configuration file. If you use the default security dispatcher, you need to point this to the file containing your master password. If you followed the http://maven.apache.org/guides/mini/guide-encryption.html[Maven Password Encryption guide], this is `${user.home}/.m2/settings-security.xml`.
|
endif::[]

| *<<helm-dependencies, dependencies>>*
| The list of dependencies for this chart.
|
Expand Down
14 changes: 14 additions & 0 deletions jkube-kit/doc/src/main/asciidoc/inc/helm/_jkube_helm_push.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ ifeval::["{plugin-type}" == "maven"]
You can provide helm repository authentication credentials either via properties or using environment variables. It's also possible to specify credentials in maven settings as well. You just
need to add a server entry for your repo like this:

[#helm-repository-authentication-credentials-in-settings-xml]
.Helm Repository Authentication credentials in settings.xml
[source,xml,indent=0,subs="verbatim,quotes,attributes"]
----
Expand All @@ -48,6 +49,19 @@ need to add a server entry for your repo like this:

</settings>
----

If you have encrypted your password with a master password (as outlined in the http://maven.apache.org/guides/mini/guide-encryption.html[Maven Password Encryption guide]), make sure to configure the `security` setting:
[source,xml,indent=0,subs="verbatim,quotes,attributes"]
----
<plugin>
<configuration>
<helm>
<security>~/.m2/security-settings.xml</security>
...
</helm>
</configuration>
</plugin>
----
endif::[]


Expand Down
2 changes: 1 addition & 1 deletion kubernetes-maven-plugin/doc/src/main/asciidoc/inc/_authentication.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -166,7 +166,7 @@ Password:
----

This password then can be used in `authConfig`, `docker.password`
and/or the `<server>` setting configuration. However, putting an
and/or the <<helm-repository-authentication-credentials-in-settings-xml,`<server>` setting configuration>>. However, putting an
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This authentication section is applicable for both pushing docker and helm registries. Since configuring authentication credentials in settings.xml is a similar process, this should not create confusion.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, but what are you suggesting Rohan? I'm not using the plugin to push to Docker registries, so I am a bit hesitant to write documentation for that. Maybe you could push changes to the PR with documentation on pushing Docker registries?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In my opinion, it's fine as it is.

encrypted password into `authConfig` in the `pom.xml` doesn't make
much sense, since this password is encrypted with an individual master
password.
Expand Down
Loading