2020-11-28 00:50:11 UTC - Dominic Kim: So you deployed ow with images in the dockerhub but want to invoke blackbox actions with an image in your gitlab registry. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524611370600?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:50:43 UTC - Dominic Kim: Generally when you deploy ow, you would build images by yourself and push them to a private registry. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524643370800?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:51:00 UTC - Dominic Kim: At that time you need `ImagePullSecret`. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524660371000?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:51:16 UTC - Dominic Kim: And it is configurable via <https://github.com/apache/openwhisk-deploy-kube/blob/master/helm/openwhisk/values.yaml#L633> https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524676371200?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:52:01 UTC - Dominic Kim: Then the kubernetes will try to pull ow images with the secret and blackbox images as well. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524721371400?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:52:37 UTC - Dominic Kim: So if you provided no secret, k8s will try to pull your blackbox image but there is no secret configured, it will be failed. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524757371600?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:53:24 UTC - Dominic Kim: OW cli does not validate the image when an action is created, so you can check if the image is valid at runtime. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524804371800?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:54:15 UTC - Dominic Kim: The reason why I mentioned about the multiple private registry namespaces is, if all users are using the same namespace, you can just configure one secret to access that namespace only. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524855372000?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:55:26 UTC - Dominic Kim: But users are invoking blackbox actions with multiple namespaces, for example, userA: <http://private-reg.com/userA|private-reg.com/userA>, userB: <http://private-reg.com/userB|private-reg.com/userB>, you need multiple secrets to access them. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524926372200?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:56:15 UTC - Dominic Kim: If namespaces are predefined, you can add all secrets for them, but generally arbitrary users would invoke it with images from arbitrary namespaces. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524975372400?thread_ts=1606484852.354900&cid=C3TPCAQG1 ---- 2020-11-28 00:56:38 UTC - Dominic Kim: Then you need a new feature for users to configure their secrets by themselves in the action. https://openwhisk-team.slack.com/archives/C3TPCAQG1/p1606524998372600?thread_ts=1606484852.354900&cid=C3TPCAQG1 ----
