You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
K3s is is K8s. You are welcome to use image pull secrets if you want, they work just fine. Some users prefer to configure registries (endpoints, credentials) on the node itself in the container runtime config so that they are used globally, instead of having to inject them into every pod spec.
Even if we allowed storing credentials in environment variables... you would still have to define the variable contents somewhere - in the systemd unit or env file. I don't see how simply moving them from one file to another would make things any more secure. Do you have a proposal for how this might work that wouldn't just result in their being somewhere else on disk?
Is there a way to use environment variables for the registries.yaml file? It feels insecure to save plain text username and passwords on disk.
https://rancher.com/docs/k3s/latest/en/installation/private-registry/
How K8s does it:
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
The text was updated successfully, but these errors were encountered: