Private Docker images can be used by any user, once they are pulled to a node

Solution In Progress - Updated -

Issue

  • Customer A belongs to project 1 and Customer B belongs to project 2. Image image1 is present on node 1 because a pod in project 1 was created from it; the image was pulled from docker.io by authenticating with the pull secrets. When Customer B from project 2 then uses the same image image1 from docker.io to create pods, no pull-secret authentication is performed, because the image is already present on the node.

Basically, every user can use any image once it has been pulled to a node, regardless of whether the image is private.

The steps are:
- Customer A pulls a private image from its private repo.
- Customer B uses this image in a pod definition.

Outcome:
- Pod creation for Customer B will not fail if the pod is scheduled on a node where the image has already been pulled (no authentication is checked by OpenShift).
- Pod creation for Customer B will fail if the pod is scheduled on a node where the image has not been pulled (missing authentication).

Use case:

We have multiple customers on our OpenShift platform.

Once a customer uses his own private Docker images (with pull secrets e.g. from a private Docker.io repo.) the images are pulled on a particular worker node and the pods are started with this image.

If a second customer comes along, who has no access to the above described repository, he is still able to use the images, because they are already downloaded to the nodes locally and no authentication is done against the Docker account.

Example: Customer A starts a pod with a private image. It gets downloaded with the provided docker-hub credentials, which are stored in a secret:

apiVersion: v1
kind: Pod
metadata:
  name: foo
spec:
  containers:
  - name: foo
    image: docker.io/privateImagePath

Customer B starts the same pod definition: credentials are not checked anymore, because the image is already available on a node.
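The outcomes described above can be reproduced with a small model of the node's pull decision. This is an added example, not Red Hat or OpenShift code: the `Node` class, the registry ACL and the project names are constructed, while `IfNotPresent` and `Always` are the Kubernetes `imagePullPolicy` values.

```python
# Simplified model (constructed for illustration) of how a node decides
# whether to contact the registry before starting a container.

# Constructed registry ACL: which projects hold valid pull credentials.
REGISTRY_ACL = {"docker.io/privateImagePath": {"project1"}}


class Node:
    def __init__(self, name):
        self.name = name
        self.cache = set()  # images already present on this node

    def start_pod(self, project, image, pull_policy="IfNotPresent"):
        """Return (started, reason) for a pod of `project` using `image`."""
        must_pull = pull_policy == "Always" or image not in self.cache
        if not must_pull:
            # Cached image is reused; the registry is never asked,
            # so the project's credentials are never checked.
            return True, "started from node cache, no registry auth"
        if project not in REGISTRY_ACL.get(image, set()):
            return False, "pull denied by registry (missing auth)"
        self.cache.add(image)
        return True, "pulled with valid pull secret"


def scenario(pull_policy):
    """Replay the article's steps on two nodes under one pull policy."""
    image = "docker.io/privateImagePath"
    node1, node2 = Node("node1"), Node("node2")
    return {
        # Customer A (project1) pulls the private image onto node1.
        "A@node1": node1.start_pod("project1", image, pull_policy)[0],
        # Customer B (project2) lands on the node that has the image.
        "B@node1": node1.start_pod("project2", image, pull_policy)[0],
        # Customer B lands on a node that never pulled the image.
        "B@node2": node2.start_pod("project2", image, pull_policy)[0],
    }


if __name__ == "__main__":
    for policy in ("IfNotPresent", "Always"):
        print(policy, scenario(policy))
```

Because Customer B writes their own pod definition, `Always` only closes the gap when the platform enforces it for every pod; Kubernetes provides the AlwaysPullImages admission plugin for that purpose.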

Environment

  • OpenShift Enterprise 3.0
