Can dockerconfigjson handle registry subdomains?

Question

Imagine, I had a private image registry myregistry.corp with several (sub-) repositories e.g. project1.myregistry.corp and project2.myregistry.corp.

If I want to have one common imagePullingSecret, do I need to specify each of them in its dockerconfigjson or is Kubernetes smart enough to find the "closest" specified top level domain for a given domain (e.g. if I want to pull from project1.myregistry.corp/myapp)?

{
  "auths": {
    "myregistry.corp": {
      "username": "my-user",
      "password": "blabla",
      "auth": "blabla"
    }
  }
}

vs.

{
  "auths": {
    "myregistry.corp": {
      "username": "my-user",
      "password": "blabla",
      "auth": "blabla"
    },
    "project1.myregistry.corp": {
      "username": "my-user",
      "password": "blabla",
      "auth": "blabla"
    },
    "project2.myregistry.corp": {
      "username": "my-user",
      "password": "blabla",
      "auth": "blabla"
    }
  }
}

score 1 · Answer 1 · answered Feb 21 '23 at 11:44

Based on Kubernetes documentation:

Kubernetes allows glob URLs as well as prefix-matched paths.

For example, for your use case, the following should be possible:

{
  "auths": {
    "*myregistry.corp": {
      "username": "my-user",
      "password": "blabla",
      "auth": "blabla"
    }
  }
}

Can dockerconfigjson handle registry subdomains?

1 Answers1