Container image-inspector running in Openshift - specify dockercfg


#1

I have an external registry that is secured. You need to authenticate to be able to pull images.
I am trying to Perform a SmartState Analysis against images hosted in this registry.

Unfortunately, I get an authentication error:

2017/12/20 16:16:59 Pulling image my-registry.com:5000/1000/dddd@sha256:xxxxxxxxxx
2017/12/20 16:16:59 Authentication with Default Empty Authentication failed: Get https://my-registry.com:5000/v2/1000/dddd@sha256:xxxxxxxxxx: no basic auth credentials
2017/12/20 16:16:59 Error: Unable to pull docker image: <nil>

Reviewing the ~/pkg/inspector/image-inspector.go file, i can see where it is pulling in the “Default Empty Authentication”

I cannot understand why its defaulting to this.

Is it possible to specify a secret or alternative to a custom/specific dockercfg or username/password that has the relevant priviledges to authenticate against the registry?

I can see that auth.go looks for the local config.json or dockercfg of the user but this will not apply when running in Openshift as I am trying.


#2

Reviewing the manageiq/providers/kubernetes/container_manager/scanning/job.rb

I can also see that it has a method for defining inspector_admin_secret by pulling in the IMAGE_INSPECTOR_SA and obtaining the :imagePullSecrets

I’m assuming this is what should be getting called and then passing the information across when executing an image scan?