From 1e659fd5947b197f6c1cd42b7222f2e339ad29b9 Mon Sep 17 00:00:00 2001
From: Jimmi Dyson <jimmidyson@gmail.com>
Date: Mon, 20 May 2024 14:43:18 +0100
Subject: [PATCH] fix: Upgrade dynamic-credential-provider to v0.5.3

Fixes falling back to origin registry if mirror does not contain
requested image.
---
 .../credentials/credential_provider_config_files_test.go      | 4 ++--
 .../credentials/credential_provider_install_files.go          | 2 +-
 .../templates/dynamic-credential-provider-config.yaml.gotmpl  | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_config_files_test.go b/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_config_files_test.go
index 95ead2fcd..296b4941a 100644
--- a/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_config_files_test.go
+++ b/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_config_files_test.go
@@ -267,7 +267,7 @@ credentialProviders:
 kind: DynamicCredentialProviderConfig
 mirror:
   endpoint: 98765432.dkr.ecr.us-east-1.amazonaws.com
-  credentialsStrategy: MirrorCredentialsOnly
+  credentialsStrategy: MirrorCredentialsFirst
 credentialProviderPluginBinDir: /etc/kubernetes/image-credential-provider/
 credentialProviders:
   apiVersion: kubelet.config.k8s.io/v1
@@ -315,7 +315,7 @@ credentialProviders:
 kind: DynamicCredentialProviderConfig
 mirror:
   endpoint: mymirror.com
-  credentialsStrategy: MirrorCredentialsOnly
+  credentialsStrategy: MirrorCredentialsFirst
 credentialProviderPluginBinDir: /etc/kubernetes/image-credential-provider/
 credentialProviders:
   apiVersion: kubelet.config.k8s.io/v1
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_install_files.go b/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_install_files.go
index c60d615e4..d024b94b9 100644
--- a/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_install_files.go
+++ b/pkg/handlers/generic/mutation/imageregistries/credentials/credential_provider_install_files.go
@@ -23,7 +23,7 @@ var (
 
 const (
 	//nolint:gosec // Does not contain hard coded credentials.
-	dynamicCredentialProviderImage = "ghcr.io/mesosphere/dynamic-credential-provider:v0.5.0"
+	dynamicCredentialProviderImage = "ghcr.io/mesosphere/dynamic-credential-provider:v0.5.3"
 
 	//nolint:gosec // Does not contain hard coded credentials.
 	credentialProviderTargetDir = "/etc/kubernetes/image-credential-provider/"
diff --git a/pkg/handlers/generic/mutation/imageregistries/credentials/templates/dynamic-credential-provider-config.yaml.gotmpl b/pkg/handlers/generic/mutation/imageregistries/credentials/templates/dynamic-credential-provider-config.yaml.gotmpl
index e1e8dba3c..6bbf3fd95 100644
--- a/pkg/handlers/generic/mutation/imageregistries/credentials/templates/dynamic-credential-provider-config.yaml.gotmpl
+++ b/pkg/handlers/generic/mutation/imageregistries/credentials/templates/dynamic-credential-provider-config.yaml.gotmpl
@@ -4,7 +4,7 @@ kind: DynamicCredentialProviderConfig
 {{- if .Mirror }}
 mirror:
   endpoint: {{ .RegistryHost }}
-  credentialsStrategy: MirrorCredentialsOnly
+  credentialsStrategy: MirrorCredentialsFirst
 {{- break }}
 {{- end }}
 {{- end }}