The process of pulling images from registries in Buildkit doesn’t use Kubernetes’ imagePullSecrets, but rather the credentials available in configuration files like .docker/config.json. When the deployment request is initiated from within the cluster (e.g., through the UI), that file is generated based on the configuration in the link I provided earlier.