How to provide an image pull secret when using "--image-repository" with an internal registry that does not allow anonymous pull requests? #10019

Open
jgoeres opened this issue Dec 21, 2020 · 9 comments
Labels
area/registry registry related issues help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. priority/backlog Higher priority than priority/awaiting-more-evidence.

Comments

@jgoeres

jgoeres commented Dec 21, 2020

After a bit of a hiatus, I have been revisiting the whole topic of running minikube from purely local sources (i.e., any images should come from our own private registry). I revisited the issue #8298 that I created in June. The first problem I am running into is that our internal registry does not support anonymous pull access.
In the above-mentioned issue, @tstromberg mentioned two sources on how to provide a pull secret - but all of them already require a running cluster, as they both boil down to enabling the registry-creds plugin:

minikube addons configure registry-creds

But at that point all the infrastructure images would already have to be there, no?
Further, this add-on only allows me to specify creds for ECR, GCR, Dockerhub or ACR - what about my own registry?

@priyawadhwa priyawadhwa added the kind/support Categorizes issue or PR as a support question. label Dec 28, 2020
@tstromberg tstromberg added the triage/discuss Items for discussion label Jan 6, 2021
@medyagh
Member

medyagh commented Jan 20, 2021

Good idea, I would like to fully support this and possibly add an integration test for it; there is a WIP PR for making addons possible with a custom image.

#10111

@medyagh
Member

medyagh commented Jan 20, 2021

Further, this add-on only allows me to specify creds for ECR, GCR, Dockerhub or ACR - what about my own registry?

That is a good point. Do u know if other similar tools are using a specific tool that minikube could take advantage of?
In the past I have seen people deploy a Kubernetes secret to their Pod, that will let the pod be able to pull from a specific registry, have u already that?

@jgoeres
Author

jgoeres commented Jan 21, 2021

For our own product deployment (in an already running cluster) we simply allow providing the registry creds, which go into a secret passed to all pods as an image pull secret. But from my understanding, since we are in the process of bootstrapping the cluster, this probably has to be an "out of band" mechanism.

@spowelljr spowelljr added priority/backlog Higher priority than priority/awaiting-more-evidence. and removed triage/discuss Items for discussion labels Feb 17, 2021
@sharifelgamal
Collaborator

Yeah we don't currently support doing this with an arbitrary registry other than just running some sort of kubectl apply once all the pods are up. The way it works for the registry-creds addon is that there is a webhook that supplies the image pull secret to all service accounts as they get created. Adding that as a step to a deployment shouldn't be too difficult.

We would also absolutely accept any PR that adds this feature directly into minikube as an addon.

@sharifelgamal sharifelgamal added kind/feature Categorizes issue or PR as related to a new feature. area/registry registry related issues help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. and removed kind/support Categorizes issue or PR as a support question. labels Mar 31, 2021
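
The post-start workaround described in the comment above (apply a pull secret once the cluster is up, then attach it to a service account), as an added example that is not part of the thread or of minikube's code. The secret name `regcred`, the namespace, the registry host and the credentials are constructed placeholders; it does not cover pulling the bootstrap images themselves, which is the open question in this issue.

```shell
#!/usr/bin/env bash
# Added example; all names and credentials are constructed placeholders.

# b64: single-line base64, portable across GNU and BSD base64
b64() { base64 | tr -d '\n'; }

# dockerconfigjson REGISTRY USER PASSWORD -> prints the .dockerconfigjson payload
dockerconfigjson() {
  local registry="$1" user="$2" password="$3" auth
  # This sketch does no JSON escaping, so refuse quotes and backslashes.
  case "$registry$user$password" in
    *'"'*|*'\'*) echo "value needs JSON escaping" >&2; return 1 ;;
  esac
  auth=$(printf '%s:%s' "$user" "$password" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
    "$registry" "$user" "$password" "$auth"
}

# pull_secret_manifest NAME NAMESPACE REGISTRY USER PASSWORD -> prints Secret YAML
pull_secret_manifest() {
  local name="$1" namespace="$2" json data
  json=$(dockerconfigjson "$3" "$4" "$5") || return 1
  data=$(printf '%s' "$json" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ${data}
EOF
}

# sa_patch NAME -> patch body that lists the secret on a service account
sa_patch() { printf '{"imagePullSecrets":[{"name":"%s"}]}' "$1"; }

# Usage against a running cluster (not executed here):
#   read -rs REG_PASS   # keeps the password out of shell history
#   pull_secret_manifest regcred default registry.example.internal:5000 \
#     ci-pull "$REG_PASS" | kubectl apply -f -
#   kubectl patch serviceaccount default -n default -p "$(sa_patch regcred)"
```

The manifest is piped straight to `kubectl apply` because the Secret's `data` field is only base64-encoded, not encrypted. Pods created after the patch pick up the secret from the service account; pods that already exist are unaffected until they are recreated.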
@sharifelgamal sharifelgamal added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. labels Dec 15, 2021
@sharifelgamal
Collaborator

Freezing this as this is definitely a feature we would accept a PR for.
