Our elastic deployment will eventually be on air-gapped networks without internet access where the container registries have authentication. I see we can set the registry by CLI when we deploy the operator, but authentication seems to still happen on the PodTemplate level. Are there plans to raise this to the CLI? Or is it set up this way on purpose?
We currently do not have any concrete plans to change the current behaviour. The official k8s docs list a few alternatives to specifying imagePullSecrets on every Pod like authenticating the k8s nodes against the Docker registry. Or you could allow unauthenticated access to the registry only from within the k8s cluster. I wonder if one of them would be an option for you?
1 Like
@pebrc we can check those out, thanks for the heads up on the operator plans, we didn't want to kludge around only to have y'all implement that functionality. Thanks again!