Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

option to pass registry auth token using k8s secret #118

Open
prasoon-pxc opened this issue Apr 11, 2024 · 5 comments
Open

option to pass registry auth token using k8s secret #118

prasoon-pxc opened this issue Apr 11, 2024 · 5 comments
Labels
question

Comments

@prasoon-pxc
Copy link

I want to use auth token to fetch image from docker-hub account to avoid rate limit but I do not want to pass whole config.yaml as a secret because I am using helm chart and providing configmap with helm template, now my question is that how we can just define auth thingy using k8s-secret or with envsubst to subsitute its values using ENV variable in k8s job.
And do I need to install envsubst explicitly to get it work.
@xelalexv
Copy link
Owner

This question goes a bit beyond the scope of this project, but here's a sketch of how you can approach this:

  • mount the config into the dregsy pod as usual, using a config map
  • additionally have a secret with the token mounted into the pod
  • add an init container to the pod, in which you source the token, then run envsubst on the config file

The dregsy container images don't contain envsubst, so you need to use a different image for the init container, or extend the dregsy image if you want to use just one image in your pod.

@prasoon-pxc
Copy link
Author

Thanks @xelalexv for the hint, I will try to use init-container with envsubst installed on it and let's see how it goes, we can make this issue open for that time.

@prasoon-pxc
Copy link
Author

So, I am able to configure auth-token for dockerhub using envsubst. Also getting this line in config confirm that it is using auth to connect to dockerhub, but still getting rate-limit error, is there any smooth way where we can check how many pull left for user from dockerhub.

time="2024-04-13T18:49:56Z" level=info msg="using credentials from config" registry=docker.io username=my-dockerhub-user

Also, after enabling auth getting this extra line in logs:

time="2024-04-13T18:46:08Z" level=error msg="invalid character 'e' in literal true (expecting 'r')"

@xelalexv
Copy link
Owner

...is there any smooth way where we can check how many pull left for user from dockerhub.

see here

Also, after enabling auth getting this extra line in logs:

time="2024-04-13T18:46:08Z" level=error msg="invalid character 'e' in literal true (expecting 'r')"

There could be a misspelling of true somewhere in your config.

@prasoon-pxc
Copy link
Author

...is there any smooth way where we can check how many pull left for user from dockerhub.

see here

my user is part of paid docker plans, and I am not getting any rate limit headers in curl request, also this is mentioned in doc

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@xelalexv @prasoon-pxc