Skip to content

(feat) Add OCI scheme support to RemoteURL#1851

Merged
gianlucam76 merged 1 commit into
projectsveltos:mainfrom
gianlucam76:oci
Jun 26, 2026
Merged

(feat) Add OCI scheme support to RemoteURL#1851
gianlucam76 merged 1 commit into
projectsveltos:mainfrom
gianlucam76:oci

Conversation

@gianlucam76

Copy link
Copy Markdown
Member

RemoteURL in PolicyRef now accepts oci:// URLs in addition to http:// and https://.

When a URL starts with oci://, Sveltos pulls the OCI artifact from the registry on each reconciliation using the configured interval, computes a content hash, and redeploys if the content has changed. Identical to the existing HTTP polling behaviour.

Authentication is controlled by the same secretRef field with the same Secret keys:

  • token — Bearer token (OCI RegistryToken)
  • username + password — basic auth
  • caFile — PEM-encoded CA certificate for TLS verification

Content extraction handles two common OCI artifact layouts: a tar archive (the standard ORAS/Flux format), where .yaml, .yml, and .json files are extracted and concatenated; or a raw YAML/JSON blob where the bytes are used directly.

RemoteURL in PolicyRef now accepts oci:// URLs in addition to http:// and https://.

When a URL starts with oci://, Sveltos pulls the OCI artifact from the registry on
each reconciliation using the configured interval, computes a content hash, and redeploys
if the content has changed. Identical to the existing HTTP polling behaviour.

Authentication is controlled by the same secretRef field with the same Secret keys:
- token — Bearer token (OCI RegistryToken)
- username + password — basic auth
- caFile — PEM-encoded CA certificate for TLS verification

Content extraction handles two common OCI artifact layouts: a tar archive (the standard ORAS/Flux
format), where .yaml, .yml, and .json files are extracted and concatenated; or a raw YAML/JSON blob
where the bytes are used directly.
@gianlucam76 gianlucam76 merged commit 827f503 into projectsveltos:main Jun 26, 2026
17 of 18 checks passed
@gianlucam76 gianlucam76 deleted the oci branch June 26, 2026 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant