Referencing Secrets to Pull Images from Private Container Registry

Following the successful creation of a Secret Resource, it can seamlessly pull images from the container registries. This approach obviates the need to embed sensitive authentication information directly within the resource configuration.

Container registries, pivotal for storing and managing images, including essential details like registry type, access credentials, and repository information, can efficiently reference pertinent secrets. This ensures a secure and streamlined process for pulling images from a private container registry without exposing sensitive authentication data within the configuration files.

secretpull-image

secret_image.yaml

# Images
name: docker-secrets
version: v1
type: secret
secret:
  type: cloud-kernel-image-pull
  acl: r
  data:
    .dockerconfigjson: |
      {
        "auths": {
          "https://index.docker.io/v1/": {
            "auth": "",
            "username": "",
            "password": ""
          }
        }
      }

refer_image_secret.yaml

name: example-alpha
version: v1
type: workflow
workflow:
  dag:
  - name: example
    spec:
      resources:
          requests:
            cpu: 250m
            memory: 500m
          limits:
            cpu: 1
            memory: 1Gi
      dataosSecrets:
          - name: workflow-user-secret
            workspace: public
            keys:
              - DATAOS_USER_NAME
              - CLUSTER_NAME
              - DATAOS_API_KEY
              - DATAOS_ENV_NAME
      stack: container
      compute: runnable-default
      stackSpec:
        image: docker.io/helloworldimage/helloworldimage:tag
        imagePullSecret: dockers-secrets
        command:
          - python