-
Notifications
You must be signed in to change notification settings - Fork 907
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crossplane does not use K8s credential providers to pull packages #2561
Comments
@hasheddan I upgraded to v1.6.1 and was curious do I need to have the secret in different format for it to work?
|
@cdenneen was this working prior to upgrade and what version were you coming from? We have a patch coming out due to some issues that this change introduced, but I haven't heard anyone report the behavior you are showing here. If you want to try out the coming patch and see if that addresses the issue you can install with:
|
@cdenneen confirmed in Slack that this also wasn't supported in |
What happened?
Since #2108 Crossplane does not use the credential providers for k8s in
go-contrainerregistry
that would use the identity of the kubelet to fetch packages from a private registry. A current workaround is usingpackagePullSecrets
but that's quite cumbersome because it requires a uploading a token manually (at least for AWS).The providers were deactivated because some issues that seem resolved now: kubernetes/kubernetes#100686
Would be great to see them reactivated in Crossplane.
How can we reproduce it?
Deploy Crossplane on an EKS cluster and let it fetch packages from a private ECR.
What environment did it happen in?
Crossplane version:
Every version since 1.1
The text was updated successfully, but these errors were encountered: