As the title says, I am trying to deploy openwhisk on my kubernetes cluster (and as a containerFactory) using helm 3 but I am using a private registry to pull the action pod images, i.e, action-nodejs-v14.
Despite creating a docker registry secret inside the namespace, the action pod seems not aware of it and it fails saying:
rpc error: code = Unknown desc = Error response from daemon: Head "https://<registry_url>/v2/openwhisk/action-nodejs-v14/manifests/latest": no basic auth credentials
I found this and this issues stating that imagePullSecrets
is not propagated when using kubernetes as a containerFactory and they recommend passing it through a pod-template
from whisk.kubernetes.pod-template
in whiskconfig.conf
but I don't know how an Action Pod should look like since all of them are created by the invoker almost misteriously.
I can confirm the images exist on my private registry and I can download them if I do docker pull <registry_url>/openwhisk/action-nodejs-v14:latest
after loging in.
Is there a way to do this from invoker pod template file? Or any other way?
Thanks!
The solution I found was by propagating the imagePullSecret
with the pod-template
configuration variable in whiskconfig.conf
in the form:
include classpath("application.conf")
whisk{
...
kubernetes {
pod-template = """
apiVersion: v1
kind: Pod
spec:
imagePullSecrets:
- name: <name of your private docker registry>
"""
}
}
Using this configuration, you can pull the function images from your own private docker registry despite openwhisk not supporting this for Kubernetes' Container Factory. For openwhisk-deploy-kube
, the name of your imagePullSecret
is of the form {{ .Release.Name }}-private-registry.auth
if you haven't modified the name on _helpers.tpl