Overriding Kubernetes and Container Registry Auto-Authentication

Jonathan_Littleton · July 9, 2019, 3:08am

I noticed that if you have a Container Registry and you want to deploy to a Kubernetes Cluster, that Octopus will automatically deploy a secret to Kubernetes to allow the Registry to communicate to the Kubernetes cluster. Is there a way to disable this behavior? We are using the out of the box Deploy Containers to Kubernetes step.

The use case for this is that we only want certain container registries to deploy to certain kubernetes clusters that we have setup for explicit access.

Version: 2019.3.5 LTS

Jonathan_Littleton · July 5, 2019, 4:00pm

A quick Yes or No would be fine, just wanted to confirm I wasn’t missing anything and our security team was asking.

Michael_Richardson · July 7, 2019, 10:46pm

Hey Jonathan,

We apologize for the delayed reply.

You are correct, currently Octopus will always push the registry credentials as a secret. As you can imagine, the reason for this was to allow kubernetes deployments without preconfiguring the cluster with these credentials.

You are not the first team to request an option to not push the credentials. This is something we are currently considering.

Please reach out if you have any other queries or feedback

Regards,
Michael