From 2d29171c5ee6daa2010d59116a24d30680703544 Mon Sep 17 00:00:00 2001 From: dkwon17 Date: Thu, 26 Mar 2026 19:50:23 +0000 Subject: [PATCH 1/4] Update backup registry secret name Signed-off-by: dkwon17 --- .../pages/devworkspace-backup-regular-oci-registry.adoc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc index bf85462f48..06f93a2bc1 100644 --- a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc +++ b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc @@ -26,26 +26,26 @@ config: backupCronJob: enable: true registry: - authSecret: my-secret + authSecret: devworkspace-backup-registry-auth path: quay.io/my-company-org schedule: '0 */4 * * *' imagePullPolicy: Always ---- <1> For Red Hat OpenShift, the default installation namespace for the {devworkspace} operator is `openshift-operators`. See the xref:devworkspace-operator.adoc[{devworkspace} operator overview]. -The `authSecret` must point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry. +The `authSecret` must be named `devworkspace-backup-registry-auth` and point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry. The secret should be created in the installation {namespace} for the {devworkspace} operator. To create one, you can use the following command: [source,shell,subs="+attributes,+quotes"] ---- -kubectl create secret docker-registry my-secret --from-file=config.json +kubectl create secret docker-registry devworkspace-backup-registry-auth --from-file=config.json ---- The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator. [source,shell,subs="+attributes,+quotes"] ---- -kubectl label secret my-secret controller.devfile.io/watch-secret=true +kubectl label secret devworkspace-backup-registry-auth controller.devfile.io/watch-secret=true ---- From 1ccc94a211aebf6038552b6192c1f517f7fd4e0d Mon Sep 17 00:00:00 2001 From: David Kwon Date: Fri, 27 Mar 2026 11:01:09 -0400 Subject: [PATCH 2/4] Update modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com> --- .../pages/devworkspace-backup-regular-oci-registry.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc index 06f93a2bc1..fe3926abac 100644 --- a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc +++ b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc @@ -33,7 +33,7 @@ config: ---- <1> For Red Hat OpenShift, the default installation namespace for the {devworkspace} operator is `openshift-operators`. See the xref:devworkspace-operator.adoc[{devworkspace} operator overview]. -The `authSecret` must be named `devworkspace-backup-registry-auth` and point to a real {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` containing credentials to access the registry. +The `authSecret` must be named `devworkspace-backup-registry-auth`. It must reference a {kubernetes} Secret of type `kubernetes.io/dockerconfigjson` that contains credentials to access the registry. The secret should be created in the installation {namespace} for the {devworkspace} operator. To create one, you can use the following command: From f5272ba93ee4337acb04d3ed5e712c766be4496b Mon Sep 17 00:00:00 2001 From: David Kwon Date: Fri, 27 Mar 2026 11:01:47 -0400 Subject: [PATCH 3/4] Update modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc Co-authored-by: Gaurav Trivedi <90042568+gtrivedi88@users.noreply.github.com> --- .../pages/devworkspace-backup-regular-oci-registry.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc index fe3926abac..6d66277bfa 100644 --- a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc +++ b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc @@ -40,7 +40,7 @@ To create one, you can use the following command: [source,shell,subs="+attributes,+quotes"] ---- -kubectl create secret docker-registry devworkspace-backup-registry-auth --from-file=config.json +{orch-cli} create secret docker-registry devworkspace-backup-registry-auth --from-file=config.json ---- The secret must contain a label `controller.devfile.io/watch-secret=true` to be recognized by the {devworkspace} Operator. From f2d50805261be7f7d3aa68926dd93cc158039f60 Mon Sep 17 00:00:00 2001 From: David Kwon Date: Fri, 27 Mar 2026 17:50:52 -0400 Subject: [PATCH 4/4] Add warning about auth secret copy functionality Signed-off-by: David Kwon --- .../pages/devworkspace-backup-regular-oci-registry.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc index 6d66277bfa..a3f32425c1 100644 --- a/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc +++ b/modules/administration-guide/pages/devworkspace-backup-regular-oci-registry.adoc @@ -49,3 +49,8 @@ The secret must contain a label `controller.devfile.io/watch-secret=true` to be ---- kubectl label secret devworkspace-backup-registry-auth controller.devfile.io/watch-secret=true ---- + +[WARNING] +==== +The {devworkspace} Operator copies the `devworkspace-backup-registry-auth` secret to each {devworkspace} {namespace} so that backups from user workspaces can be pushed to the registry. If you do not want that secret copied automatically, create a `devworkspace-backup-registry-auth` secret with user-specific credentials in each {devworkspace} {namespace} instead. +====