Feature: add support for image pull secrets #124

New Issue

metal3d · 2025-06-26T13:49:10Z

jruipinto commented

2025-06-26 13:49:10 +00:00

(Migrated from github.com)

It would be really useful to have label to allow pulling from private registries similar to what kompose offers with the aid of the label kompose.image-pull-secret check kompose label docs here

The final result would be something like this:

services:
  webapp:
    image: myregistry/myapp:latest
    labels:
      katenary.v3/image-pull-secret: "my-registry-secret"
      
  api:
    image: myregistry/api:latest
    labels:
      katenary.v3/image-pull-secret: |-
        - secret1
        - secret2

It would be really useful to have label to allow pulling from private registries similar to what kompose offers with the aid of the label `kompose.image-pull-secret` [check kompose label docs here](https://kompose.io/user-guide/#komposeimage-pull-secret) The final result would be something like this: ```yml services: webapp: image: myregistry/myapp:latest labels: katenary.v3/image-pull-secret: "my-registry-secret" api: image: myregistry/api:latest labels: katenary.v3/image-pull-secret: |- - secret1 - secret2 ```

metal3d commented

2025-06-26 16:43:51 +00:00

Ho,

IMHO the values.yaml files is the place to put secret names. The generated
file proposes a value to set secrets.

I prefer leaving sensible data out if labels.

I need to think about this request.

Patrice FERLET
http://www.metal3d.org

Le jeu. 26 juin 2025, 15:49, jruipinto @.***> a écrit :

jruipinto created an issue (metal3d/katenary#124)
https://github.com/metal3d/katenary/issues/124

It would be really useful to have label to allow pulling from private
registries similar to what kompose offers with the aid of the label
kompose.image-pull-secret check kompose label docs here
https://kompose.io/user-guide/#komposeimage-pull-secret

The final result would be something like this:

services:
webapp:
image: myregistry/myapp:latest
labels:
katenary.v3/image-pull-secret: "my-registry-secret"

api:
image: myregistry/api:latest
labels:
katenary.v3/image-pull-secret: |- - secret1 - secret2

—
Reply to this email directly, view it on GitHub
https://github.com/metal3d/katenary/issues/124, or unsubscribe
https://github.com/notifications/unsubscribe-auth/AAAYN4COCUBICGLCXRWVSJ33FP263AVCNFSM6AAAAACAGJKJPCVHI2DSMVQWIX3LMV43ASLTON2WKOZTGE3TSMRQHAYDQOI
.
You are receiving this because you are subscribed to this thread.Message
ID: @.***>

Ho, IMHO the values.yaml files is the place to put secret names. The generated file proposes a value to set secrets. I prefer leaving sensible data out if labels. I need to think about this request. Patrice FERLET http://www.metal3d.org Le jeu. 26 juin 2025, 15:49, jruipinto ***@***.***> a écrit : > *jruipinto* created an issue (metal3d/katenary#124) > <https://github.com/metal3d/katenary/issues/124> > > It would be really useful to have label to allow pulling from private > registries similar to what kompose offers with the aid of the label > kompose.image-pull-secret check kompose label docs here > <https://kompose.io/user-guide/#komposeimage-pull-secret> > > The final result would be something like this: > > services: > webapp: > image: myregistry/myapp:latest > labels: > katenary.v3/image-pull-secret: "my-registry-secret" > > api: > image: myregistry/api:latest > labels: > katenary.v3/image-pull-secret: |- - secret1 - secret2 > > — > Reply to this email directly, view it on GitHub > <https://github.com/metal3d/katenary/issues/124>, or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAAYN4COCUBICGLCXRWVSJ33FP263AVCNFSM6AAAAACAGJKJPCVHI2DSMVQWIX3LMV43ASLTON2WKOZTGE3TSMRQHAYDQOI> > . > You are receiving this because you are subscribed to this thread.Message > ID: ***@***.***> >

jruipinto commented

2025-06-26 18:25:37 +00:00

(Migrated from github.com)

Hi Patrice,

That makes sense to me.
In that case, would it make sense to update the documentation, with the recommendation, on how to approach that problem for those who are coming from Kompose?

Hi Patrice, That makes sense to me. In that case, would it make sense to update the documentation, with the recommendation, on how to approach that problem for those who are coming from Kompose?

metal3d commented

2025-06-26 20:39:04 +00:00

I took some times to think about your request. To go deeper in the explanation here is what could happend.

Let's add a label to give the secret names to make it possible to pull an image. Then, in the values.yaml, the "default" one, the secrets are set.

But, the helm chart doesn't contain the secret itself.

That means that the helm chart cannot be installed with default values. And this is what I want to avoid.

You're right, I will add a page in the documentation.

Thanks a lot!

I took some times to think about your request. To go deeper in the explanation here is what could happend. Let's add a label to give the secret names to make it possible to pull an image. Then, in the values.yaml, the "default" one, the secrets are set. But, the helm chart doesn't contain the secret itself. That means that the helm chart cannot be installed with default values. And this is what I want to avoid. You're right, I will add a page in the documentation. Thanks a lot!

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Katenary/katenary#124