Skip to content

[installer] Support adding image pull secrets even when the internal (in-cluster) registry is used #10792

Closed
@corneliusludmann

Description

@corneliusludmann

Currently, we can add image pull secrets only when an external registry is used like this:

containerRegistry:
  inCluster: false
  external:
    url: my-registry.example.com
    certificate:
      kind: secret
      name: my-registry-credentials

However, when we use an in-cluster registry, customers would probably still want to add pull secrets for workspace base images.

I would suggest to deprecate the certificate block under external and moving it directly under containerRegistry. Like this:

containerRegistry:
  inCluster: false
  external:
    url: my-registry.example.com
  certificate:
    kind: secret
    name: my-registry-credentials

(probably rename “certificate” to “credentials”, however, we probably want to keep this consistent to other occurences of “credentials”, e.g. for the object storage)

That would also allow adding workspace pull secrets when the in-cluster registry is used like this (see also #10791):

containerRegistry:
  inCluster: true
  certificate:
    kind: secret
    name: my-registry-credentials
  privateBaseImageRegistries:
    - my-registry.example.com
    - my-other-registry.example.com

In this case, we need to merge the in-cluster container secret with the secret given here to allow accessing both registries.

Metadata

Metadata

Assignees

No one assigned

    Labels

    team: deliveryIssue belongs to the self-hosted teamtype: improvementImproves an existing feature or existing code

    Type

    No type

    Projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions