https://prefect.io logo
Join Slack
Powered by
Hello, We have deployed Prefect using Helm charts ...
# ask-community
m
Hello, We have deployed Prefect using Helm charts on our Kubernetes cluster. We want to use our custom image for the worker init deployment in the Helm chart. Since the image is stored in a private container registry, we need to define an 
imagePullSecret
to access it. However, the 
initContainer
configuration doesn't include an option to specify environment variables for 
imagePullSecrets
. Is there a way to use a private image for the worker type as the deployment image? Here is default 
initContainers
configuration:
Copy code
initContainers:
  {{- if include "worker.baseJobTemplateName" . }}
  - name: sync-base-job-template
    image: "{{ .Values.worker.image.repository }}:{{ .Values.worker.image.prefectTag }}"
    imagePullPolicy: {{ .Values.worker.image.pullPolicy }}
👍 1
m
Hi, thanks for reaching out - would you mind creating an issue in the [prefect-helm project](https://github.com/PrefectHQ/prefect-helm/)? We'll get to this as soon as possible, and also welcome a PR if you'd like to contribute 👍
t
I've been pulling my hair out with this issue, I wonder why haven't more people running into this issue at all. Private container registry is such a common thing. If only there is just 1 paragraph documentation on how to specify 
imagePullSecrets
in 
deployment.yaml
, the problem would've been solved.
@Melek Alan have you created the issue?
Found the bug and the fix: By default, when creating a new k8 work pool, the 
Base Job Template
json is is WRONG (Ui -> work pool -> setting -> advance tab) The 
"imagePullSecrets": "{{ imagepullsecret }}"
is inserted under 
job_configuration.job_manifest.....spec.containers[]
, which is not correct, it should be inserted under 
...spec
1 level above, so like:
Copy code
json
"containers": [ ...],
"completions": 1,
"imagePullSecrets": "{{ imagepullsecret }}"
Thanks to @Mauricio Cruz from thread https://prefect-community.slack.com/archives/C04DZJC94DC/p1731435693559059
🎉 1
m
👋 haven't forgotten about this, going to dig in and see what changes we can make so this is easier in the future
m
@Mitch Nielsen thank you - it would be great to have better direction from the docs as a start, but ultimately revamping how this config works for pulling from private container registries would be ideal.
j
👋 Hi everyone - I want to clarify the issue you are seeing : is it • the worker container does not respect the defined 
imagePullSecrets
• the worker init container does not respect the defined 
imagePullSecrets
• the base job template of the workpool has 
imagePullSecrets
but the flows that inherit do not
Hi everyone -- following up here. Let me know if we can be of any assistance!
m
@Jamie Zieziula in my specific case, flows started by the 
prefect-worker
deployed to my cluster could not start a job from a private registry. The rest of the details are listed in my original post I was going to refer to docs I used back then, but looks the LLM you're using for docs is down and there's no alternative for a simple search
m
I saw that the search feature on our docs provider was broken earlier, but believe it's back up now
I'm wondering if something like this would work, then:
Copy code
worker:
  cloudApiConfig:
    accountId: sa3ef
    workspaceId: dkdkwlshj
  config:
    workPool: hjmnsdfhjkdfkdkwodkwo

    baseJobTemplate:
      configuration: |
       {
         "job_configuration": {
           "job_manifest": {
             "spec": {
               "imagePullSecrets": "my-pull-secret"
             }
           }
         }
       }
j
^ that should work, but you’ll need to provide the entire base job template!
I walked someone else through this yesterday, albeit via the UI, but the concept is the same. Sounds like a doc/guide on this would be useful. I'll file an issue
8 Views
Open in Slack
PreviousNext
Powered by