Docker password rotation #3519
Description
Since v2 goes to be removed. We would lack of an option to easily change currently used password for docker's user which is used to pull the image.
We have discussed this in following topics:
cloudfoundry/cloud_controller_ng#4390
cloudfoundry/cloud_controller_ng#3304
What's the user value of this feature request?
Currently to avoid restarting the application, there's an option to update the image registry user password by using v2 endpoint and it does all necessary steps behind scenes. In v3 this became more complicated and requires multiple actions to be performed.
Can be also achieved via cli, however, requires also multiple actions like:
- create new package - with new password and the image url from current droplet)
cf create-package test --docker-image "<image_path>" - stage that new package
cf stage-package test --package-guid <new_package_guid> - set current droplet to the one just staged
cf set-droplet test <new_droplet_guid>
Would be nice to have this wrapped in something more elegant and easier to use.
Who is the functionality for?
Docker based applications
How often will this functionality be used by the user?
Whenever image registry user password is changed.
Who else is affected by the change?
I don't think so.
Is your feature request related to a problem? Please describe.
Whenever password needs to be rotated, there's also a need to sync it in CF. With v2 it was easy. With v3 it's more complex and would be nice to have some common option to perform such an action.
Describe the solution you'd like
I'd like to change docker user password without a need to restart the application. There's no reason to do it right away. However, actual options like cf restage or cf push does it immediately.