As we learned in the Flyte Fundamentals guide, Flyte uses OCI-compatible containers to package up your code and third-party dependencies. For production use-cases your images may require proprietary code and configuration that you want to keep private.
To pull private images, ensure that you have the command line tools and login information associated with the registry.
Create a secret#
First create a secret that contains all the credentials needed to log into the registry.
Then, you’ll need to specify a
imagePullSecrets configuration to pull a
private image using one of two methods below.
You can use the default or new service account for this option:
imagePullSecretsconfiguration to the service account.
Use this service account to log into the private registry and pull the image.
When you create a task/workflow execution this service account should be specified to access the private image.
This option uses a custom pod template
to create a pod. This template is automatically added to every
imagePullSecretsconfiguration to this custom pod template.
Update FlytePropeller about the pod created in the previous step.
imagePullSecrets, along with other customization for the pod, to the PodSpec, which should look similar to this manifest.
The pods with their keys can log in and access the images in the private registry. Once you set up the token to authenticate with the private registry, you can pull images from them.