I’m using Replicated’s private image registry to host images for my application. This works well for all resources that are created at installation time, but I’m running into permission issues when I run a Kubernetes job that needs to retrieve an image from the same repository.
Message: Failed to pull image "registry.replicated.com/subsalt/runner-full:v0.7.9": rpc error: code = Unknown desc = failed to pull and unpack image "registry.replicated.com/subsalt/runner-full:v0.7.9":
failed to resolve reference "registry.replicated.com/subsalt/runner-full:v0.7.9":
failed to authorize: failed to fetch anonymous token: unexpected status: 401 Unauthorized
We’re running a Kubernetes Job that kicks off several pods to actually complete the pipeline tasks. The pipeline tasks (pods) are what are currently failing with the error above.
How would I update the pod spec for a Job so it got access to the necessary access credentials? It looks like the installer creates an imagePullSecret during installation time, but I’m not sure how to access that post-installation.
Solved it! The solution that worked for me is based on these instructions – I created a new Secret that contained the registry pull secret (see LocalRegistryImagePullSecret), and then added this as the imagePullSecret to the jobs & pods that were failing before. These instructions were helpful as well.
Thanks to the Replicated team (especially @jdewinne!) for the assistance resolving this offline.
Referencing Images - for when you want to tell downstream workloads (e.g. those generated by an operator) where to get their images from with something like