Add a helm template that creates the imagePullSecret

[docbyte86]

A secret for the imagePullSecrets will be created during installation of the helm chart.

Example:

https://github.com/longhorn/longhorn/blob/master/chart/templates/registry-secret.yaml

privateRegistry:
  # -- Setting that allows you to create a private registry secret.
  createSecret: ~
  # -- URL of a private registry. When unspecified, Longhorn uses the default system registry.
  registryUrl: ~
  # -- User account used for authenticating with a private registry.
  registryUser: ~
  # -- Password for authenticating with a private registry.
  registryPasswd: ~
  # -- Kubernetes secret that allows you to pull images from a private registry. This setting applies only when creation of private registry secrets is enabled. You must include the private registry name in the secret name.
  registrySecret: ~

no

no

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[longwuyuan]

The project would not support images that are not released by the project and not clear on why you would implement the requirement of a secret to pull a copy of a image, that is already published on the internet without requiring auth.

[docbyte86]

Hello, thank you for your feedback. However, we are using a private container registry, such as Artifactory Jfrog. We use Jfrog as a cache and mirror the container registries from the internet. Authentication is also required here. Therefore, we need to provide the corresponding secrets with the information. It would simplify automation if we could deploy the creation of the secrets via Helm.

You support pulling images using imagePullSecret. So why not create the secret at the same time?

[longwuyuan]

ingress-nginx/charts/ingress-nginx/values.yaml

Line 1206 in 36f2d40

imagePullSecrets: []

[longwuyuan]

You can try to submit a PR that adds the required template and other related code.

Just understand that we are not creating new features because all the resources are occupied with securing the controller and providing a stable reliable controller out of the box. And then its very very few users who need this feature but the project has to maintain it & support it, so it all depends on many factors.

[Gacko]

As Long already stated, we are not going to support this.

There already should be a possibility to provide image pull secrets, see Long's comment.

Creating these secrets is out of scope of the Ingress NGINX project, especially because your approach would require putting clear text passwords into a values.yaml and we do not want to support this approach from a security and maintenance point of view.

This aside, you should also already be able to override the registry images are being pulled from by overriding the global.image.registry property.

So to sum it up: You only need to create the secret on your own. Everything else does already exist and is fully supported by us.