Skip to content

Referencing Secrets to Pull Images from Private Container Registry

Following the successful creation of a Secret Resource, it can seamlessly pull images from the container registries. This approach obviates the need to embed sensitive authentication information directly within the resource configuration.

Container registries, pivotal for storing and managing images, including essential details like registry type, access credentials, and repository information, can efficiently reference pertinent secrets. This ensures a secure and streamlined process for pulling images from a private container registry without exposing sensitive authentication data within the configuration files.

secret_image.yaml
# Images
name: docker-secrets
version: v1
type: secret
secret:
  type: cloud-kernel-image-pull
  acl: r
  data:
    .dockerconfigjson: |
      {
        "auths": {
          "https://index.docker.io/v1/": {
            "auth": "",
            "username": "",
            "password": ""
          }
        }
      }
refer_image_secret.yaml
name: example-alpha
version: v1
type: workflow
workflow:
  dag:
    - name: example
      spec:
        resources:
          requests:
            cpu: 250m
            memory: 500Mi
          limits:
            cpu: 1
            memory: 1Gi
        dataosSecrets:
          - name: workflow-user-secret
            workspace: public
            keys:
              - DATAOS_USER_NAME
              - CLUSTER_NAME
              - DATAOS_API_KEY
              - DATAOS_ENV_NAME
        stack: container
        compute: runnable-default
        stackSpec:
          image: docker.io/helloworldimage/helloworldimage:tag
          imagePullSecret: dockers-secrets
          command:
            - python