Closed docbyte86 closed 2 weeks ago
This issue is currently awaiting triage.
If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted
label and provide further guidance.
The triage/accepted
label can be added by org members by writing /triage accepted
in a comment.
The project would not support images that are not released by the project and not clear on why you would implement the requirement of a secret to pull a copy of a image, that is already published on the internet without requiring auth.
Hello, thank you for your feedback. However, we are using a private container registry, such as Artifactory Jfrog. We use Jfrog as a cache and mirror the container registries from the internet. Authentication is also required here. Therefore, we need to provide the corresponding secrets with the information. It would simplify automation if we could deploy the creation of the secrets via Helm.
You support pulling images using imagePullSecret. So why not create the secret at the same time?
You can try to submit a PR that adds the required template and other related code.
Just understand that we are not creating new features because all the resources are occupied with securing the controller and providing a stable reliable controller out of the box. And then its very very few users who need this feature but the project has to maintain it & support it, so it all depends on many factors.
As Long already stated, we are not going to support this.
There already should be a possibility to provide image pull secrets, see Long's comment.
Creating these secrets is out of scope of the Ingress NGINX project, especially because your approach would require putting clear text passwords into a values.yaml
and we do not want to support this approach from a security and maintenance point of view.
This aside, you should also already be able to override the registry images are being pulled from by overriding the global.image.registry
property.
So to sum it up: You only need to create the secret on your own. Everything else does already exist and is fully supported by us.
A secret for the imagePullSecrets will be created during installation of the helm chart.
Example:
https://github.com/longhorn/longhorn/blob/master/chart/templates/registry-secret.yaml
no
no