[vSphere][RKE2] Fix docker.io private registry authentication

anmazzotti · anmazzotti · commit 2e448fa427f8 · 2025-06-27T17:08:42.000+02:00
Signed-off-by: Andrea Mazzotti &lt;andrea.mazzotti@suse.com&gt;
diff --git a/.github/workflows/run-vsphere-tests.yaml b/.github/workflows/run-vsphere-tests.yaml
@@ -24,6 +24,7 @@ env:
   GINKGO_LABEL_FILTER: "vsphere"
   TAG: v0.0.1
   DOCKER_REGISTRY_TOKEN: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
+  DOCKER_REGISTRY_USERNAME: ${{ secrets.DOCKER_REGISTRY_USERNAME }}
   DOCKER_REGISTRY_CONFIG: ${{ secrets.DOCKER_REGISTRY_CONFIG }}
   GINKGO_NODES: 2
 
diff --git a/examples/clusterclasses/vsphere/rke2/clusterclass-rke2-example.yaml b/examples/clusterclasses/vsphere/rke2/clusterclass-rke2-example.yaml
@@ -323,7 +323,7 @@ spec:
         valueFrom:
           template: |-
             {{- if .dockerAuthSecret }}
-            "docker.io":
+            "registry-1.docker.io":
               authSecret:
                 name: {{ .dockerAuthSecret }}
                 namespace: {{ .builtin.cluster.namespace }}
@@ -360,7 +360,7 @@ spec:
         valueFrom:
           template: |-
             {{- if .dockerAuthSecret }}
-            "docker.io":
+            "registry-1.docker.io":
               authSecret:
                 name: {{ .dockerAuthSecret }}
                 namespace: {{ .builtin.cluster.namespace }}
diff --git a/test/e2e/README.md b/test/e2e/README.md
@@ -123,7 +123,7 @@ variables:
   TURTLES_VERSION: "v0.0.1" # Version of the turtles image to use
   TURTLES_IMAGE: "ghcr.io/rancher/turtles-e2e" # Rancher turtles image to use. It is pre-loaded from local docker registry in kind environment, but expected to be pulled and available in `eks` cluster environment
   ARTIFACTS_FOLDER: "_artifacts" # Folder for the e2e run artifacts collection with crust-gather.
-  SECRET_KEYS: "NGROK_AUTHTOKEN,NGROK_API_KEY,RANCHER_HOSTNAME,RANCHER_PASSWORD,CAPG_ENCODED_CREDS,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AZURE_SUBSCRIPTION_ID,AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID,GCP_PROJECT,GCP_NETWORK_NAME,VSPHERE_TLS_THUMBPRINT,VSPHERE_SERVER,VSPHERE_DATACENTER,VSPHERE_DATASTORE,VSPHERE_FOLDER,VSPHERE_TEMPLATE,VSPHERE_NETWORK,VSPHERE_RESOURCE_POOL,VSPHERE_USERNAME,VSPHERE_PASSWORD,VSPHERE_KUBE_VIP_IP_KUBEADM,VSPHERE_KUBE_VIP_IP_RKE2" # Is a list of environment variable keys, values of which would be excluded from collected artifacts data.
+  SECRET_KEYS: "NGROK_AUTHTOKEN,NGROK_API_KEY,RANCHER_HOSTNAME,RANCHER_PASSWORD,CAPG_ENCODED_CREDS,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AZURE_SUBSCRIPTION_ID,AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID,GCP_PROJECT,GCP_NETWORK_NAME,VSPHERE_TLS_THUMBPRINT,VSPHERE_SERVER,VSPHERE_DATACENTER,VSPHERE_DATASTORE,VSPHERE_FOLDER,VSPHERE_TEMPLATE,VSPHERE_NETWORK,VSPHERE_RESOURCE_POOL,VSPHERE_USERNAME,VSPHERE_PASSWORD,VSPHERE_KUBE_VIP_IP_KUBEADM,VSPHERE_KUBE_VIP_IP_RKE2,DOCKER_REGISTRY_TOKEN,DOCKER_REGISTRY_USERNAME,DOCKER_REGISTRY_CONFIG" # Is a list of environment variable keys, values of which would be excluded from collected artifacts data.
 ```
 
 ## Artifacts collection
diff --git a/test/e2e/config/operator.yaml b/test/e2e/config/operator.yaml
@@ -37,7 +37,7 @@ variables:
   SKIP_RESOURCE_CLEANUP: "false"
   SKIP_DELETION_TEST: "false"
   ARTIFACTS_FOLDER: "_artifacts"
-  SECRET_KEYS: "NGROK_AUTHTOKEN,NGROK_API_KEY,RANCHER_HOSTNAME,RANCHER_PASSWORD,CAPG_ENCODED_CREDS,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AZURE_SUBSCRIPTION_ID,AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID,GCP_PROJECT,GCP_NETWORK_NAME,GCP_IMAGE_ID,VSPHERE_TLS_THUMBPRINT,VSPHERE_SERVER,VSPHERE_DATACENTER,VSPHERE_DATASTORE,VSPHERE_FOLDER,VSPHERE_TEMPLATE,VSPHERE_NETWORK,VSPHERE_RESOURCE_POOL,VSPHERE_USERNAME,VSPHERE_PASSWORD,VSPHERE_KUBE_VIP_IP_KUBEADM,VSPHERE_KUBE_VIP_IP_RKE2"
+  SECRET_KEYS: "NGROK_AUTHTOKEN,NGROK_API_KEY,RANCHER_HOSTNAME,RANCHER_PASSWORD,CAPG_ENCODED_CREDS,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AZURE_SUBSCRIPTION_ID,AZURE_CLIENT_ID,AZURE_CLIENT_SECRET,AZURE_TENANT_ID,GCP_PROJECT,GCP_NETWORK_NAME,GCP_IMAGE_ID,VSPHERE_TLS_THUMBPRINT,VSPHERE_SERVER,VSPHERE_DATACENTER,VSPHERE_DATASTORE,VSPHERE_FOLDER,VSPHERE_TEMPLATE,VSPHERE_NETWORK,VSPHERE_RESOURCE_POOL,VSPHERE_USERNAME,VSPHERE_PASSWORD,VSPHERE_KUBE_VIP_IP_KUBEADM,VSPHERE_KUBE_VIP_IP_RKE2,DOCKER_REGISTRY_TOKEN,DOCKER_REGISTRY_USERNAME,DOCKER_REGISTRY_CONFIG"
 
   # Kubernetes Configuration
   KUBERNETES_VERSION: "v1.31.4"
@@ -117,6 +117,7 @@ variables:
 
   # Credentials used to pull images from docker.io
   DOCKER_REGISTRY_TOKEN: ""
+  DOCKER_REGISTRY_USERNAME: ""
   # The '.dockerconfigjson' value for the dockerconfigjson Secret
   # See: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#registry-secret-existing-credentials
   # This can be used to configure a downstream cluster with a imagePullSecret.
diff --git a/test/e2e/data/cluster-templates/vsphere-rke2-topology.yaml b/test/e2e/data/cluster-templates/vsphere-rke2-topology.yaml
@@ -15,7 +15,8 @@ metadata:
   namespace: '${NAMESPACE}'
 type: Opaque
 stringData:
-  identity-token: "${DOCKER_REGISTRY_TOKEN}"
+  username: "${DOCKER_REGISTRY_USERNAME}"
+  password: "${DOCKER_REGISTRY_TOKEN}"
 ---
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: Cluster
