Bring your towel and join one of the fastest growing data communities. Welcome to our second-generation open source orchestration platform, a completely rethought approach to dataflow automation.

Prefect Community

Hi, I am trying to steup a Kubernetes worker to use an image from a private registry for the jobs it creates.
However, there doesn't seem to be an option to pass any kind of image credentials.
Is there any solution? Thanks!

TL;DR How can I use a private image registry with Kubernetes workers

Hey <@U062M0EHGKV>! When using a Kubernetes worker, the Kubernetes cluster that it schedules jobs on is responsible for pulling the image, and the Kubernetes worker doesn’t perform any image pulling. Any configuration for private registries needs to be in your Kubernetes cluster.

Thanks for the quick response :raised_hands: I am just quite new to Kubernetes, so if you could help with this I'd very much appreciate it. I have a secret with the registry's credentials named "regcred" in the namespace of both the server pod and kubernetes worker pod.
Is a cluster a namespace? Do I need to configure the namespace to use these credentials? Or maybe the service account. Sorry, just throwing stuff out here

You’ll need your registry credentials in the namespace where the worker will create jobs. By default, that’s the `default` namespace.

I added "regcred" to the imagePullSecrets of the prefect service account and it was fixed, thank you!

Hi <@U02GE39K551>, I seem to be having problems with permissions on the job pod. The pod runs on a random user everytime and in order for the job to execute it needs to write to /opt/prefect and /.prefect. These files are rwx for root user. Is there a solution to this other than running the pod as root?

I think that’s related to storing results for tasks. Do have any logs that show where the job is trying to write?

Its happening when creating the .prefect folder at the very beginning and in relation to the git clone (pull step)

Gotcha, so you’ll need to change the location for cloning and result storage or update the permissions for the user of your pods. You can change the result storage location by setting the `PREFECT_LOCAL_STORAGE_PATH` environment variable to a different path. You can add a `set_working_directory` set before your `git_clone` step.