New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
provide the ability to add imagePullSecrets to different ServiceAccounts so that private images can be fetched #1231
Comments
/cc @jlewi |
What would be a good pattern? Option 1 Expose parameter for imagePullSecrets Option 2 Users does something like
Option 3 Admission controller. Option 1 isn't nearly as flexible as Option 2 or Option 3. Regardless of whether we do 1, I think it would make sense to refactor our ksonnet to support Option 2 better.
|
@jlewi i like the idea of refactoring the ksonnet libsonnet. |
@jlewi I'm currently working on this |
i'm providing a parts mapping as you've suggested so i think i could pick up #56 after this. |
@kkasravi How's this going? |
@jlewi: Update:
the 'map' function maps all resources under jupyterhub as keys of "Kind/metadata.name". jupyterhub['StatefulSet/tf-hub'] and each key would give you that Resource. I also have functions where you can add, modify or delete anything under the resource Right now I'm creating a fix for this ticket but I could use your guidance on how you would like |
Why do you need to do the map command? I thought jupyterhub.libsonnet might just look like the following
So then you can just do
I don't think modifications should be done in kfctl.sh. I'm trying to prevent scope creep in kfctl.sh. My thinking was that if you wanted to modify the ConfigMap you would do the following
Now edit
|
@kkasravi any thoughts? |
copying from the PR This now works
|
ServiceAccounts should have an imagePullSecrets that references a docker-registry name when the image is coming from a different registry or different gcr.io account.
For example for jupyterhub - adding a parameter jupyterHubImageSecret which is then added to the jupyterhub ServiceAccount as
would reference this secret. The secret itself could be added to deploy.sh so that it does something like
The text was updated successfully, but these errors were encountered: