The aliyun-acr-credential-helper secret-free component allows you to pull container images in various Container Service for Kubernetes (ACK) clusters without the need to configure a secret. You only need to configure the Container Registry instance and the effective scope of the secret-free component in the cluster.
Usage description
The secret-free component is available in two editions: the standard edition and the managed edition. The standard edition component is installed in the clusters on the user side, and the managed edition is hosted on the control plane of the cluster. The two editions of the secret-free component provide features in different ways. You can install a component edition based on your requirements. The following table describes the differences when the two editions of the component provide features.
Item | Standard edition | Managed edition |
Supported clusters and versions | ACK Pro clusters and ACK dedicated clusters that are later than v1.20.0. | ACK Pro clusters, ACK Serverless clusters, and ACS clusters that are later than v1.22.0. |
Query component logs | Supported. | Not supported. |
Method that is used to modify configuration items | Modify the | Use the Container Registry console. |
Mode that is used to implement cross-account image pulls | Worker role, RAM Roles for Service Accounts (RRSA), and AccessKey pair. | RRSA. |
Inject secrets to service accounts without a delay | Supported. | Not supported. |
Number of secrets | Multiple secrets exist in the namespace. | A single secret exists in the namespace. |
Position in which the component is deployed | In the kube-system namespace of the cluster. | In the control plane of the cluster. |
The two editions of the secret-free component cannot be installed at the same time. To use one of the editions, uninstall the other edition first.