Using the `publish` Subcommand

The publish subcommand allows you to publish provider manifests to an OCI registry by constructing an OCI artifact from the provided directory and/or files and pushing it to the specified registry.

Usage

kubectl operator publish [OPTIONS]

Options

Flag	Short	Description
`--artifact-url`	`-u`	The URL of the OCI artifact to collect component manifests from. This includes the registry and optionally a version/tag. Example: `ttl.sh/${IMAGE_NAME}:5m`
`--dir`	`-d`	The directory containing the provider manifests. The default is the current directory (`.`). Example: `manifests`
`--file`	`-f`	A list of specific manifest files to include in the OCI artifact. You can specify one or more files. Example: `metadata.yaml`, `infrastructure-components.yaml`

Examples

Publish provider manifests from a directory to the OCI registry

This command publishes all files in the manifests directory to the OCI registry specified in the -u option:

kubectl operator publish -u ttl.sh/${IMAGE_NAME}:5m -d manifests

Publish specific manifest files to the OCI registry

This command publishes the metadata.yaml and infrastructure-components.yaml files to the OCI registry:

kubectl operator publish -u ttl.sh/${IMAGE_NAME}:5m -f metadata.yaml -f infrastructure-components.yaml

Publish with both directory and specific files

This command combines both the directory (manifests) and the custom files (metadata.yaml, infrastructure-components.yaml):

kubectl operator publish -u ttl.sh/${IMAGE_NAME}:5m -d manifests -f metadata.yaml -f infrastructure-components.yaml

Publishing Multiple Providers and Versions in an OCI Image

This example demonstrates how to publish three different providers (control-plane kubeadm, bootstrap kubeadm, and infrastructure docker) along with their versioned metadata and components files into a single OCI image. Each provider has two versions (v1.9.3 and v1.9.4), and the corresponding metadata and components files follow versioned naming conventions.

The following layout for the directory can be used:

manifests/
├── control-plane-kubeadm-v1.9.3-metadata.yaml
├── control-plane-kubeadm-v1.9.3-components.yaml
├── bootstrap-kubeadm-v1.9.3-metadata.yaml
├── bootstrap-kubeadm-v1.9.3-components.yaml
├── infrastructure-docker-v1.9.3-metadata.yaml
├── infrastructure-docker-v1.9.3-components.yaml
├── control-plane-kubeadm-v1.9.4-metadata.yaml
├── control-plane-kubeadm-v1.9.4-components.yaml
├── bootstrap-kubeadm-v1.9.4-metadata.yaml
├── bootstrap-kubeadm-v1.9.4-components.yaml
└── infrastructure-docker-v1.9.4-metadata.yaml
└── infrastructure-docker-v1.9.4-components.yaml

capioperator publish -u my-registry.example.com/providers:latest -d manifests \

This will publish both versions (v1.9.3 and v1.9.4) of each provider into single OCI image, and each version will have its corresponding metadata and component files.

Publish with authentication

If authentication is required for the OCI registry, you can specify credentials using environment variables:

export OCI_USERNAME=myusername
export OCI_PASSWORD=mypassword
kubectl operator publish -u ttl.sh/${IMAGE_NAME}:5m -d manifests

OCI Authentication

To securely authenticate with an OCI registry, the publish subcommand relies on environment variables for user credentials. The following environment variables are used:

OCI_USERNAME: The username for the OCI registry.
OCI_PASSWORD: The password associated with the username.
OCI_ACCESS_TOKEN: A token used for authentication.
OCI_REFRESH_TOKEN: A refresh token to obtain new access tokens.

Example of Setting Up OCI Authentication

Set the environment variables with your OCI credentials:

export OCI_USERNAME=myusername
export OCI_PASSWORD=mypassword

Run the publish command, which will automatically use the credentials:

kubectl operator publish -u my-oci-registry.com/${IMAGE_NAME}:v0.0.1 -d manifests

This allows the publish subcommand to authenticate to the OCI registry without requiring you to manually input the credentials.

Cluster API Operator