Closed Cryptophobia closed 6 years ago
This seems a little flawed in the design, but I guess the benefit is that you can use a different registry per application. You could potentially use a Google, ECR, or whatever registry you like...as long as the credentials are encoded in the private-registry secret defined for each app...
But the deis-builder needs to be able to pull the private-registry secrets and this makes deis-builder have excessive permissions in my opinion.
Merged!
The deis-builder needs to have access to the private-registry secrets when using
off-cluster
registries.Right now, the breaking error is when using ECR as the private-registry: