This operator can be used to propagate a single ImagePullSecret to all namespaces within your cluster, so that images are pulled using authentication.
See also: ROADMAP.md
The second use-case for this operator is to take an authentication token which is required to pull images from a private registry, and to make sure it's available and configured for each and every namespace.
For example, if you were running a multi-tenant service, where each tenant has their own namespaces, and every image is sourced from a common private registry. You could use this operator to propagate the pull secret for each namespace.
The original need for this operator, was to make it easier for users of Kubernetes to consume images from the Docker Hub after recent pricing and rate-limiting changes were brought in, an authenticated account is now required to pull images.
These are the limits as understood at time of writing:
- Unauthenticated users: 100 pulls / 6 hours
- Authenticated users: 200 pulls / 6 hours
- Paying, authenticated users: unlimited downloads
Read also: Docker Hub rate limits & pricing
Pulling images with authentication is required in two scenarios:
- To extend the Docker Hub anonymous pull limits to a practical number
- To access private registries or repos on the Docker Hub
The normal process is as follows, which becomes tedious and repetitive when you have more than one namespace in a cluster.
- Create a secret
- Edit your service account, and add the name of the secret to
imagePullSecrets
k3sup was created by Alex Ellis - the founder of OpenFaaS ® & inlets.
Want to see continued development? Sponsor alexellis on GitHub
MIT