-
Notifications
You must be signed in to change notification settings - Fork 3.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: transmit more information to remote snapshotter #8865
Comments
Is it possible to pass |
Yes, I believe it's simple to implement this feature. I'm wondering if we can add this to |
I've looked into this a little more. I do not think that containerd has access to the name of the image pull secret. As far as I know, it seems that |
Yes, I have tried to implement this feature but encountered the same problem as you mentioned. Need more consideration about how the remote snapshotter updates/restores credentials. |
What is the problem you're trying to solve
We tried to find the best way for the remote
snapshotter
to get auth, but ultimately think it should get auth when it needs other than stored in memory or other space.Since k8s 1.8, the node authorizer has been proposed, which has the ability to
Get
secrets used by pods scheduled on that node. So remotesnapshotter
can usekubeconfig
, which is used bykubelet
, to get imagePullSecret when it needs it. When we do this, all we need ispod.Namespace
andpod.Spec.imagePullSecret.Name
.Related to issue Change List to Get when sync imagePullSecret from API server
Describe the solution you'd like
So I wonder if the
containerd
can pass more information to the remotesnapshotter
? For instance,pod.Namespace
andpod.Spec.imagePullSecret.Name
.Additional context
No response
The text was updated successfully, but these errors were encountered: