search

fluxcd / flux

Successor: https://github.com/fluxcd/flux2
https://fluxcd.io
Apache License 2.0
6.9k stars 1.08k forks source link

Image metadata lookup credentials handling #836

Closed squaremo closed 6 years ago

squaremo commented 6 years ago

The image metadata "cache" stores its data with keys that include a username, with the idea being that this will avoid leaking information when images have different authentication.

As things stand, however, the username is always an empty string when putting image metadata in the cache, because it's derived from an unassigned Credentials field in the cache warmer. And it's always an empty string when looking up image metadata, because it is given a literal empty Credentials value.

Either these should be fixed to use the actual credentials (e.g., by always finding the imagePullSecret when looking up controllers), or we should just remove the username from the key (or otherwise give up on segregating image metadata).

tamarakaufler commented 6 years ago

This will be fixed as part of the https://github.com/weaveworks/flux/pull/851/files (image-reg-caching branch)