Skip to content
This repository has been archived by the owner on Feb 15, 2022. It is now read-only.

Automate imagePullSecrets for private images for flux #204

Closed
1 of 2 tasks
samiyaakhtar opened this issue Mar 15, 2019 · 7 comments
Closed
1 of 2 tasks

Automate imagePullSecrets for private images for flux #204

samiyaakhtar opened this issue Mar 15, 2019 · 7 comments
Assignees
@samiyaakhtar
Labels
services-team

Comments

@samiyaakhtar
Copy link
Contributor

samiyaakhtar commented Mar 15, 2019
edited
Loading

Currently, when we use a private image for Project Jackson, we see that flux is able to deploy the clusters, but since it doesn't have access to the image itself, it can't poll changes to the image. This step is necessary in order to automate ACR image triggers for the gitops pipeline.

  • Deploy registry secrets for flux to have access to the ACR using an SP. We can reuse the SP that is being currently used. Given this PR, we should be able to configure flux to use the SP directly
  • Provide guidance or SP creation command which includes ACR access as part of the SP. Since the terraform scripts don't create the SP for the user, it's not possible to grant access to the ACR after an SP has been created.
@samiyaakhtar samiyaakhtar self-assigned this Mar 15, 2019
@timfpark
Copy link
Contributor

@jmspring We should look at automating granting access to ACR (or at least documenting how to do it) such that the cluster has access when it spins up.

@jmspring
Copy link
Contributor

@timfpark - this link describes options. https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/container-registry/container-registry-auth-aks.md

@andrebriggs
Copy link
Member

@samiyaakhtar do the instructions here help to unblock? Should be the same as what @jmspring linked.

@samiyaakhtar
Copy link
Contributor Author

Yes, although this issue is related to flux having access to ACR, which is separate from AKS having access

@samiyaakhtar
Copy link
Contributor Author

samiyaakhtar commented Mar 19, 2019
edited by andrebriggs
Loading

From more testing and quick discussion, we need to automate these on top of what we already have:

  1. Deploy registry secrets for flux to have access to the ACR using an SP. We can reuse the SP that is being currently used. (Flux uses imagePullSecrets to access the ACR and will not have access to it unless this secret is deployed, even if AKS has access. Without the secret, it's able to deploy the manifest but can't poll changes from registry)
  2. Give this SP access to the ACR, which can be used by the AKS cluster too (and the above secret, which grants flux access to ACR)

@andrebriggs andrebriggs changed the title Investigate automating imagePullSecrets for private images for flux Automate imagePullSecrets for private images for flux Mar 20, 2019
@samiyaakhtar samiyaakhtar mentioned this issue Mar 22, 2019
Merged
@dtzar
Copy link
Member

dtzar commented Mar 22, 2019

Second checkbox should be a new item on the backlog :)

@samiyaakhtar
Copy link
Contributor Author

@dtzar Done #255

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@samiyaakhtar samiyaakhtar

Labels
services-team
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jmspring @timfpark @samiyaakhtar @andrebriggs @dtzar