akash-network / support

Akash Support and Issue Tracking
Apache License 2.0

research how to auth. with private docker repos #54

Open hydrogen18 opened 3 years ago

hydrogen18 commented 3 years ago

The current SDL has us passing in a docker container URL to kubernetes. Kubernetes pulls it down. We should be able to add support for the SDL including some sort of token or username & password & have the provider pass that to kubernetes so it can pull down the container image from a private repo.

We need to find out how private docker repos work & support whatever auth method is used by the most popular implementations. This issue is just to figure out how that works & how to pass the data to kubernetes; implementation can be another issue.

troian commented 2 years ago

We should be able to do it now with the service.params section introduced in akash-network/node#1348.

hydrogen18 commented 2 years ago

@boz was this added by @arijitAD? I can't remember.

boz commented 2 years ago

It was added for providers but not for tenants via SDL.

andy108369 commented 1 year ago

> We need to find out how private docker repos work & support whatever auth method is used by the most popular implementations. This issue is just to figure out how that works & how to pass the data to kubernetes, implementation can be another issue

We are currently adding the GH tokens to the service account of the deployment for accessing the private GHCR repo:

```bash
# assuming AKASH_DSEQ, AKASH_OSEQ, AKASH_GSEQ are set
ns=$(provider-services show-cluster-ns --provider akash15tl6v6gd0nte0syyxnv57zmmspgju4c3xfmdhk)

# add docker-registry token so the image can be pulled off of the private registry
# (-s keeps the token off the screen, -r keeps backslashes literal)
read -rs CR_PAT

# replace <email-address> with a real address before running
kubectl -n "$ns" create secret docker-registry akash-ghcr-secret \
  --docker-server=ghcr.io \
  --docker-username=ghcr-ro \
  --docker-password="$CR_PAT" \
  --docker-email=<email-address>

# attach the pull secret to the default service account, then restart so new pods use it
kubectl -n "$ns" patch serviceaccount default -p '{"imagePullSecrets": [{"name": "akash-ghcr-secret"}]}'
kubectl -n "$ns" rollout restart deployment
kubectl -n "$ns" get pods -o wide
```
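
What Kubernetes actually receives for a private registry, as an added example that is not from this thread or from Akash code: `kubectl create secret docker-registry` stores a Secret of type `kubernetes.io/dockerconfigjson` whose single key holds a Docker config with a per-registry `auth` entry. The function name `pull_secret_manifest` and the sample values are assumptions; the token is read from stdin so it never appears in the process arguments, and the optional email field is omitted.

```bash
#!/usr/bin/env bash
# Added example: build the image pull Secret as a manifest instead of
# passing the token as a kubectl command-line flag.

# base64 without line wrapping (GNU base64 wraps at 76 columns by default)
b64() { base64 | tr -d '\n'; }

# Accept only values that need no JSON escaping: no quotes, backslashes
# or control characters. Anything else is refused rather than mangled.
json_safe() {
  case "$1" in
    *[\"\\]*|*[[:cntrl:]]*) return 1 ;;
  esac
}

# pull_secret_manifest NAME SERVER USERNAME   (token on stdin, one line)
pull_secret_manifest() {
  local name=$1 server=$2 user=$3 token auth cfg v
  IFS= read -r token || true
  [ -n "$token" ] || { echo "empty token on stdin" >&2; return 1; }
  for v in "$name" "$server" "$user" "$token"; do
    json_safe "$v" || { echo "value needs JSON escaping, refusing" >&2; return 1; }
  done

  # "auth" is base64("username:password"), the same form used in ~/.docker/config.json
  auth=$(printf '%s:%s' "$user" "$token" | b64)
  cfg=$(printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}' \
        "$server" "$user" "$token" "$auth")

  printf 'apiVersion: v1\n'
  printf 'kind: Secret\n'
  printf 'metadata:\n'
  printf '  name: %s\n' "$name"
  printf 'type: kubernetes.io/dockerconfigjson\n'
  printf 'data:\n'
  printf '  .dockerconfigjson: %s\n' "$(printf '%s' "$cfg" | b64)"
}

# Usage, with $ns and $CR_PAT set as in the comment above:
#   printf '%s\n' "$CR_PAT" |
#     pull_secret_manifest akash-ghcr-secret ghcr.io ghcr-ro |
#     kubectl -n "$ns" apply -f -
```

The Secret is only base64-encoded, not encrypted, so anyone who can read Secrets in that namespace can recover the token; a read-only, narrowly scoped token limits what that exposes.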