Pull containers from private registry

Created by: malomarrec

Problem

Running server-side:

• I want to pull some images from a private docker registry
• I want to pull some other images from public dockerhub or another public registry

Current state: yes but not great

Currently, our managed executors don’t support feeding custom docker credentials so those would need to be public registries/images. One thing that’s possible is either modifying the executors deployment manually to include credentials or to give the docker registry mirror credentials so the executors don’t need them (maybe a bit more secure). Anyways, we don’t have a good way today to support this. Kubernetes has a magic secret for this, maybe we want the same, once secrets are implemented.

Impacted customers

Most customers will actually need this, and in particular Strategic customers. Example:

• https://github.com/sourcegraph/accounts/issues/3
• https://github.com/sourcegraph/accounts/issues/4001

We have some ECR images that we’d like to run through the server-side executors.