Skip to content

feat(sandbox): add registry pull secret support#632

Closed
cheese-head wants to merge 1 commit intoNVIDIA:mainfrom
cheese-head:606-sandbox-registry-secret/cheese-head
Closed

feat(sandbox): add registry pull secret support#632
cheese-head wants to merge 1 commit intoNVIDIA:mainfrom
cheese-head:606-sandbox-registry-secret/cheese-head

Conversation

@cheese-head
Copy link
Copy Markdown

@cheese-head cheese-head commented Mar 26, 2026

Summary

Add sandbox registry secret management and image pull secret support so private registry images can be used in openshell sandbox create without relying on manual wrapper-image workarounds. This makes private image pulls a first-class sandbox workflow using Kubernetes-native imagePullSecrets.

Related Issue

Closes #606

Changes

  • Added openshell sandbox secret create registry for creating reusable registry pull secrets
  • Added openshell sandbox secret list and openshell sandbox secret delete
  • Added --image-pull-secret <name> to openshell sandbox create
  • Extended SandboxTemplate to carry image_pull_secrets
  • Wired sandbox pod generation to emit spec.imagePullSecrets
  • Added validation for oversized image_pull_secrets entries
  • Added CLI/server tests for the new secret and image-pull-secret flow
  • Updated sandbox docs to show private registry usage with registry secrets

Testing

  • mise run pre-commit passes
  • Unit tests added/updated
  • E2E tests added/updated (if applicable)

Notes:

  • Ran cargo fmt --all
  • Ran cargo test -p openshell-cli
  • Ran cargo test -p openshell-server image_pull_secret
  • mise run pre-commit was attempted earlier in this repo, but the full workspace check has unrelated existing failures outside this change set

Checklist

  • Follows Conventional Commits
  • Commits are signed off (DCO)
  • Architecture docs updated (if applicable)

@cheese-head
feat(sandbox): add registry pull secret support
8fb7e8f 
Signed-off-by: Patrick Riel <priel@nvidia.com>
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 26, 2026

Thank you for your interest in contributing to OpenShell, @cheese-head.

This project uses a vouch system for first-time contributors. Before submitting a pull request, you need to be vouched by a maintainer.

To get vouched:

  1. Open a Vouch Request discussion.
  2. Describe what you want to change and why.
  3. Write in your own words — do not have an AI generate the request.
  4. A maintainer will comment /vouch if approved.
  5. Once vouched, open a new PR (preferred) or reopen this one after a few minutes.

See CONTRIBUTING.md for details.

@github-actions github-actions bot closed this Mar 26, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 26, 2026

Thank you for your submission! We ask that you sign our Developer Certificate of Origin before we can accept your contribution. You can sign the DCO by adding a comment below using this text:

I have read the DCO document and I hereby sign the DCO.

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the DCO Assistant Lite bot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Pull sandbox from private registry

1 participant

@cheese-head