task-execution-schemas icon indicating copy to clipboard operation
task-execution-schemas copied to clipboard

Published 20 hours ago verified publisher icon ga4gh

Pulling images from private repositories

Open uniqueg opened this issue 3 years ago • 2 comments

Currently, the specs do not provide for a way to pass secrets to pull a container image from a private repository.

This was requested by the Czech and Greek ELIXIR nodes, see here: https://docs.google.com/spreadsheets/d/1vBFhBQ-nFqhSL5dLjQfOWO6x9BzmV9x6l18p9GYRZdQ/edit#gid=0

Contacts: @xhejtman, @viktoriaas, @zagganas & @vergoulis

uniqueg avatar Nov 05 '21 15:11 uniqueg

Would this be something that could be covered by the addition of https://www.ga4gh.org/ga4gh-passports/ to the spec?

kellrott avatar Nov 05 '21 17:11 kellrott

Possibly, not sure. From how I understand Passport, it's rather for cases where some authority asserts your permissions to access some resource. While the described use case might in principle fit in this setting, I think the more common route is that users get their own access tokens/credentials from container registries. And I don't think Passport is designed to be a general purpose passbook that would allow users to store their own credentials.

I think we should raise this issue in Cloud WS & Passport, because I think it is both an important and reasonably common use case. What do you think, @jb-adams?

uniqueg avatar Nov 06 '21 02:11 uniqueg