Support managed identities to pull image bundle from remote private docker repository #1572
Assignees
Labels
discussion
This issue is not a bug or feature and a conversation is needed to find an appropriate resolution
enhancement
This issue is a feature request
Comments
leonard520
added
carvel-triage
leonard520
changed the title
renuy
added
discussion
|
Are your observations saying otherwise? |
|
@100mik Let me clarify my question. From my understanding, when I am wondering if we can elimiate this credential? I am not able to find the code that leverage ACR keychain in code path. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the problem/challenge you have
Currently, kapp needs a image pull secret to pull image bundle from remote private docker repository. However, it is not secure to use a secret to store credentials in k8s cluster.
I think passwordless is a better solution. E.g. in Azure, I would like to use managed identities. In this way, I don't need to handle credentials store and rotation.
Describe the solution you'd like
Actually there is some other project doing similar features. E.g. kpack has integrated with ACR key chain to get docker credential on demand.
Another project is doing similar thing. azure_credentials support GetCredentials through cloud provider interface.
Anything else you would like to add:
N/A
Vote on this request
This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.
👍 "I would like to see this addressed as soon as possible"
👎 "There are other more important things to focus on right now"
We are also happy to receive and review Pull Requests if you want to help working on this issue.
The text was updated successfully, but these errors were encountered: