0

I'm trying to support two systems both of which pull images from private repos. One is from Kubernetes - which needs imagePullSecrets via a mounted secret and the other just needs standard docker login.

Based on this - Pulling images from private repository in kubernetes without using imagePullSecrets - it does not appear there's a way to use injected values to pull an image inside of Kubernetes - am I wrong?

What i'd really like is for both Kubernetes/Kubeflow and the other system to just both get an array of values (server, login, password, email) and be able to pull a private image.

aronchick
  • 6,786
  • 9
  • 48
  • 75

1 Answers1

2

You can handle both by doing the login at the lower level of dockerd or containerd on the host itself. Otherwise not really, other than mounting the image pull secret into the container if it will respect a dockerconfig.

coderanger
  • 52,400
  • 4
  • 52
  • 75
  • ugh - not what i wanted to hear, but i get it. are there any patterns for doing this kind of thing dynamically? – aronchick Jun 08 '21 at 01:19
  • Where would you be getting the credentials from to make it more "dynamic"? – coderanger Jun 08 '21 at 01:28
  • The idea would be that a user would provide the credentials during a CLI command via (local) environment variables. Most other platforms we would like to support just need these credentials to pull the images - Kubernetes only allows a secret. My current thought is to create a temp secret and just reference that - but it feels hacky. – aronchick Jun 08 '21 at 06:21
  • Yes, there really isn't any way around the creds living in a Secret, that's just how we do something. You can use generateName to help generate randomized names. – coderanger Jun 08 '21 at 09:05