Home > Software engineering >  Private Registry for Action Pods in Openwhisk deployed on Kubernetes through helm 3
Private Registry for Action Pods in Openwhisk deployed on Kubernetes through helm 3

Time:03-19

As the title says, I am trying to deploy openwhisk on my kubernetes cluster (and as a containerFactory) using helm 3 but I am using a private registry to pull the action pod images, i.e, action-nodejs-v14.

Despite creating a docker registry secret inside the namespace, the action pod seems not aware of it and it fails saying:

rpc error: code = Unknown desc = Error response from daemon: Head "https://<registry_url>/v2/openwhisk/action-nodejs-v14/manifests/latest": no basic auth credentials

I found this and this issues stating that imagePullSecrets is not propagated when using kubernetes as a containerFactory and they recommend passing it through a pod-template from whisk.kubernetes.pod-template in whiskconfig.conf but I don't know how an Action Pod should look like since all of them are created by the invoker almost misteriously.

I can confirm the images exist on my private registry and I can download them if I do docker pull <registry_url>/openwhisk/action-nodejs-v14:latest after loging in.

Is there a way to do this from invoker pod template file? Or any other way?

Thanks!

CodePudding user response:

The solution I found was by propagating the imagePullSecret with the pod-template configuration variable in whiskconfig.conf in the form:

include classpath("application.conf")
whisk{
  ...
  kubernetes {
    pod-template = """
apiVersion: v1
kind: Pod
spec:
  imagePullSecrets:
  - name: <name of your private docker registry>
"""
  }
}

Using this configuration, you can pull the function images from your own private docker registry despite openwhisk not supporting this for Kubernetes' Container Factory. For openwhisk-deploy-kube, the name of your imagePullSecret is of the form {{ .Release.Name }}-private-registry.auth if you haven't modified the name on _helpers.tpl

  • Related