carvel-dev / kapp-controller

Continuous delivery and package management for Kubernetes.
https://carvel.dev/kapp-controller
Apache License 2.0

Support managed identities to pull image bundle from remote private docker repository #1572

Open leonard520 opened 1 month ago

leonard520 commented 1 month ago

Describe the problem/challenge you have

Currently, kapp needs an image pull secret to pull an image bundle from a remote private Docker repository. However, it is not secure to use a secret to store credentials in a k8s cluster.

I think passwordless is a better solution. E.g., in Azure, I would like to use managed identities. This way, I don't need to handle credential storage and rotation.

Describe the solution you'd like

Actually, there are other projects with similar features. E.g., kpack has integrated with the ACR keychain to get Docker credentials on demand.

Another project is doing a similar thing: azure_credentials supports GetCredentials through the cloud provider interface.

Anything else you would like to add:

N/A


Vote on this request

This is an invitation to the community to vote on issues, to help us prioritize our backlog. Use the "smiley face" up to the right of this comment to vote.

👍 "I would like to see this addressed as soon as possible" 👎 "There are other more important things to focus on right now"

We are also happy to receive and review Pull Requests if you want to help work on this issue.

100mik commented 4 weeks ago

kapp-controller today will pick up credentials from the ACR keychain if the Kubernetes cluster is attached to an ACR registry.

Are your observations saying otherwise? I believe all you need to do is documented here