openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chetan Mehrotra <chetan.mehro...@gmail.com>
Subject Re: Using private registry with KubernetesContainerFactory
Date Tue, 10 Sep 2019 05:23:51 GMT
Thanks Dave for confirming.

May be we can change the current approach of building the whole Pod
spec prgramatically to more of a template based. Use a base yaml/json
template [1] (exposed as config) to the podSpec and then update it for
the dynamic part before sending it to Kube API Server.

Then one can customize the template spec in any form (add image
secrets, custom labels, affinity etc)

Chetan Mehrotra
[1] https://github.com/fabric8io/kubernetes-client/blob/master/kubernetes-examples/src/main/java/io/fabric8/kubernetes/examples/CreatePod.java

On Mon, Sep 9, 2019 at 3:29 PM David P Grove <groved@us.ibm.com> wrote:
>
>
>
>
> Chetan Mehrotra <chetan.mehrotra@gmail.com> wrote on 09/09/2019 07:25:18
> AM:
> >
> > Is it possible to configure KubernetesContainerFactory to use runtime
> > images from private registry.
> >
> > From the pod spec it creates [1] I do not see any support for
> > configuring ImagePullSecrets
> >
>
> This is a gap.
>
> The Helm chart will take the values from docker.registry.* and create an
> imagePullSecret.
>
> We use this secret to do the initial pull of runtime images with
> DockerContainerFactory.
>
> At first glance (a) we aren't properly configuring the invoker +
> DockerContainerFactory with this secret if we need to repull the image
> (gets pushed out of the cached images) and (b) we aren't configuring the
> invoker + KubernetesContainerFactory to use this secret at all.
>
> I think it should be relatively easy to add the missing pieces, but far as
> I can tell it doesn't work today.
>
> --dave

Mime
View raw message