Configuring the "generatePullSecrets.sh" Script

Owned by Jon Ouimet (Unlicensed)
Last updated: Aug 30, 2022

Introduction

The generatePullSecrets.sh script that is provided in the moc/scripts directory is used to ask the user for credentials for the Docker image registry they'd like to use for pulling the ModelOp images into the Kubernetes cluster for deployment.

The script stores the provided pull secrets in the Kubernetes cluster as a secret in the form of modelop-regcreds kubernetes.io/dockerconfigjson.

This can be seen by executing: kubectl get secrets

Configuration

Given that the default registry referenced by this script is DockerHub, i.e. DOCKER_SERVER=<https://index.docker.io/v1/,> some modifications to the script can be made to enable it to store the secrets for another registry of choice, likely a customer-provided registry where the images need to be pulled so that they are on-premises. The following can be modified to suit this need:

DOCKER_SERVER = This is the address of the Docker registry where the ModelOp Center images are stored.
SECRET_NAME = This is the name that will be given to the Kubernetes secret itself, e.g. modelop-regcreds as indicated above.

With this secret added to Kubernetes, the image pull can be achieved. The script generates a k8s secrets object with the name specified in the script.  Then, when Kubernetes attempts to pull an image for pod ‘X’, it searches through the pull secrets specified for pod ‘X’.  Kubernetes then uses the specified secret when it tries to pull that image. As such, if it is possible to access ModelOp Center images directly from DockerHub, the script will have created the DockerHub credentials provided by ModelOp so that Kubernetes can leverage them. If, however, a local docker repository is preferred or must be targeted as a priority, the same script can be used to supply the credentials needed to pull images from a local Docker repository as well.