Pull an Image From a Private Registry

With 1.7.0+, you can specify which credential to use for kubelet to pull images from the private registry.

First, you need to follow the kubernetes guide to create the secret.

The secret must be created in the same namespace where the function pods created.
For example, if the function pods are in the fission-function namespace, you need to create the secret in fission-function as well.

Then, specify the secret when creating the environment.

For example, if we want to create a nodejs environment and use secret docker-secret as credential.

$ fission environment create --name nodejs --image fission/node-env \
    --imagepullsecret "docker-secret"

You should see imagePullSecrets in the environment deployment like following.

$ kubectl -n fission-function get deploy -l environmentName=nodejs -o yaml

apiVersion: v1
items:
- apiVersion: extensions/v1beta1
  kind: Deployment
  metadata:
    name: poolmgr-nodejs-default-217063
    namespace: fission-function
    ...
  spec:
    ...
    template:
      ...
      spec:
        ...
        imagePullSecrets:
        - name: docker-secret

Fission won’t check if a secret exists nor examining whether the secret setting works as expected.
You have to check the pod status to ensure everything works as expected.

Last modified September 28, 2021: Fission docsy newsite with blog and docs merged (#39) (4320c0b)