private registries and node based authorization #226
Comments
Hi, thanks! Do you think you could create a secret and refer to it from
deployment label? I could add this functionality.
Example
keel.sh/policy=minor
keel.sh/secret=secretNameHere
…On Tue, Jun 12, 2018, 6:34 AM Dominik Mähl ***@***.***> wrote:
Here is the new bug report as suggested in #50. We're currently
investigating using keel.sh as a way to roll out new image versions.
We're not using imagePullSecrets but instead configured the k8s nodes as
described here:
https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry
(under "Configuring Nodes to Authenticate to a Private Repository").
We use docker/registry:v2 as our main registry (hosted on the same
cluster) and are protecting it with basic auth. I already found a way to
install our custom ca certificates via a volumeMount but I found no way to
provide keel.sh with our basic auth credentials.
Yeah, that would be possible, but I'm trying to avoid deployment secrets due to needing them in every deployment, and this would be the same as adding an imagePullSecret but at a different place in the same yaml, correct? Ideally I could specify an environment variable for keel like so: REGISTRY_SECRET=secretNameHere@privateRegistryNameHere What do you think?
Hmm, I guess if we use dockerconfig secret format, it would support multiple registries:
Reusing the dockerconfig format is a nice idea. If keel uses this from a file instead of a direct secret, it would even be possible to mount a node dockerconfig into the container. That way it should also work with a secret when it is mounted. If I can help, let me know.
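An added example, not Keel's code and not part of the thread: one way to resolve basic-auth credentials for a single registry from a multi-registry Docker config file (the `auths` map), whether it comes from a mounted node config or a mounted secret. The function names, hosts and credentials are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// registryHost reduces "https://host:5000/v2/" or "host:5000" to "host:5000".
func registryHost(s string) string {
	if i := strings.Index(s, "://"); i >= 0 {
		s = s[i+3:]
	}
	return strings.ToLower(strings.SplitN(s, "/", 2)[0])
}

// CredentialsFor returns the basic-auth pair for registry; "auth" is base64("user:password").
func CredentialsFor(configJSON []byte, registry string) (string, string, error) {
	var cfg struct{ Auths map[string]struct{ Username, Password, Auth string } }
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return "", "", fmt.Errorf("parse docker config: %w", err)
	}
	for key, e := range cfg.Auths {
		if registryHost(key) != registryHost(registry) {
			continue
		}
		if e.Auth == "" { // credentials stored as separate fields
			return e.Username, e.Password, nil
		}
		raw, err := base64.StdEncoding.DecodeString(e.Auth)
		parts := strings.SplitN(string(raw), ":", 2) // password may contain ':'
		if err != nil || len(parts) != 2 {
			return "", "", fmt.Errorf("malformed auth for %q", key)
		}
		return parts[0], parts[1], nil
	}
	return "", "", fmt.Errorf("no credentials for %q", registry)
}

// sampleConfig is a constructed two-registry config; all values are made up.
var sampleConfig = []byte(`{"auths":{"https://registry.internal.example:5000/v2/":{"auth":"` +
	base64.StdEncoding.EncodeToString([]byte("ci-user:pa:ss")) +
	`"},"quay.example":{"username":"robot","password":"constructed"}}}`)

func main() {
	user, _, err := CredentialsFor(sampleConfig, "registry.internal.example:5000")
	fmt.Println(user, err) // the password is deliberately not printed
}
```

Matching on the normalized host rather than the raw key means an entry written with a scheme and path still resolves, and a registry with no entry returns an error instead of empty credentials.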
Hi, available in the new release https://github.com/keel-hq/keel/releases/tag/0.9.3. If it doesn't work for your use case, either post it here or create a new issue :)
Hi. I was OoO but had time to test this today and can confirm that it works and solves my use case. Thank you very much.