🤔 Problem

Users can’t use private docker images in session launcher environments (except from the internal GitLab)
- As a side note, we don’t communicate this restriction in the UI! Which trips people up 😬
… and this functionality will be removed when we turn off the internal GitLab! (the internal GitLab is currently the only place where you can host and use private images)
Therefore we want to create new options for using private images before we remove the internal GitLab.

🍴 Appetite

4 weeks

Would have to split into 2 builds if we want to start during the 4 week extended cool down

Admins can specify (optionally) a container registry URL for a “connected service” git provider
Renku checks for access to the image at launch (not before), and gives actionable error messages when the image is not reachable
Users can use private images for sessions (when the matching integration is activated on their account and they have the required access)

Show a status pill on the project page launcher listing that shows the access status of the image for the user (similar to the git repo access pill)
Form validation when entering an image URL, which prevents users from creating session launcher environments with invalid image URLs
A button for activating an integration is offered directly in the External environment creation modal when the user enters an image URL that requires activating an Integration (for example, if the user enters a gitlab.datascience.ch image URL, but they haven’t activated the gitlab.datascience.ch integration yet)
- Maybe this shows up in the error message?
Support providers that are container-registry-only, like DockerHub (this requires a more complicated form in the admin panel)