Private images

As we learned in the Flyte Fundamentals guide, Flyte uses OCI-compatible containers to package up your code and third-party dependencies. For production use-cases your images may require proprietary code and configuration that you want to keep private.

You can use different private container registries to host your images, such as AWS ECR, Docker Hub, GitLab Container Registry, and GitHub Container Registry.

To pull private images, ensure that you have the command line tools and login information associated with the registry.

Create a secret

First create a secret that contains all the credentials needed to log into the registry.

Configure imagePullSecrets

Then, you’ll need to specify a imagePullSecrets configuration to pull a private image using one of two methods below.

You can use the default or new service account for this option:

  1. Add your imagePullSecrets configuration to the service account.

  2. Use this service account to log into the private registry and pull the image.

  3. When you create a task/workflow execution this service account should be specified to access the private image.