Be able to provide the image pulling credentials per run #1568
Comments
Would Kubernetes use this? How would this relate to Could we use the standard XDG directory |
I was also thinking about the XDG approach, it would be good to go that route as long as we're consistent with it (e.g. is our local/system config setup congruent with theirs?) |
The XDG spec uses the default Otherwise, the XDG spec lets implementations free to define rules for merging between local config ( About the option |
What about?
|
That's annoying, but I guess systemd.units is setting that precedent :/ |
I see no sense in following XDG Base Directory Specification as long as rkt is a basically root-only application (and A run-time parameter might alleviate some of the problems above, provided that the user is aware that the image they downloaded with their credentials is available now for use to anyone on the machine. So, what we could do is to provide a general I'm opting for a general |
+1 to krnowak's assessment, basically :-) On Tue, Nov 3, 2015 at 5:43 AM Krzesimir Nowak notifications@github.com
|
Currently when pulling the images from a registry, rkt will read authentication config files under
/etc/rkt/auth.d
. However this prevents multiple users saving their credentials at the same time. Besides this is not safe as different users are able to see each other's credentialsWe need a way to provide the credentials via cmd line flags so that each
rkt run/fetch
takes its own credentials, (e.g. via--auth=file/json
) and also by this, the credentials can become invisible to others.The text was updated successfully, but these errors were encountered: