I knew that ACK support RRSA authentication. so I just want not to generate AccessKey and attach it to the pod env due to security concern.
There are any way to use service account attach to the runner pod to generate a temporary password to push the image to ACR?
Yes. That's possible. Here is an example of this case: https://github.com/AliyunContainerService/ack-ram-tool/tree/kaniko-example/examples/rrsa/kaniko-in-ack