.png%3Falt%3Dmedia%26token%3Df1ea80d6-51a3-4edb-bfba-3349a6b8cf8f)
.png%3Falt%3Dmedia%26token%3Df1ea80d6-51a3-4edb-bfba-3349a6b8cf8f)
🏢Organization management
🛠️Config Management
K8s pull image from private Docker registry
Overview
This article will show you how various methods utilizing CloudTruth and KubeTruth to create a Kubernetes Secret
type: kubernetes.io/dockerconfigjson that allows you to create pods that use this Secret to pull an image from a private docker registry or repository.Resolution
Method 1: kubectl apply from a CloudTruth template
- 1.run
docker login - 2.
- 1.
base64 /home/$USER/.docker/config.json
- 3.Add the config.json base64 encoded string as a CloudTruth parameter
type:secretnamedconfigjsonin a CloudTruth project called K8s. - 4.
- 1.1apiVersion: v12kind: Secret3metadata:4name: myregistrykey5data:6.dockerconfigjson: {{configjson}}7type: kubernetes.io/dockerconfigjsonCopied!
- 5.Run
kubectl apply -f <(cloudtruth --project K8s template get regcred) - 6.You can now inspect the secret and use the created secret in pods.
kubectl get secret myregistrykey --output=yaml
- 1.run
docker login - 2.
- 1.
base64 /home/$USER/.docker/config.json
- 3.Add the config.json base64 encoded string as a CloudTruth parameter
type:secretnamedconfigjsonin a CloudTruth project calledK8s. - 4.Create a KubeTruth override in the namespace where KubeTruth is operating that will automatically create the K8s
kubernetes.io/dockerconfigjsonSecret.- 1.1kubectl apply -n demokubetruth -f - <<EOF2apiVersion: kubetruth.cloudtruth.com/v13kind: ProjectMapping4metadata:5name: docker-configure6spec:7resource_templates:8docker: |9apiVersion: v110kind: Secret11metadata:12name: docker-reg-cred13type: kubernetes.io/dockerconfigjson14data:15.dockerconfigjson: {{secrets["configjson"]}}16scope: override17project_selector: K8s18skip: false19key_selector: config*20EOFCopied!
- 5.You can now inspect the secret and use the created secret in pods.
kubectl get secret docker-reg-cred --output=yaml -n demokubetruth
- 1.Create a dedicated CloudTruth project named
dockerconfigurethat contains the following docker login keys and values.- 1.1cloudtruth --project dockerconfigure p ls -v2+----------+---------------------------------+---------+----------+--------+-------------+3| Name | Value | Source | Type | Secret | Description |4+----------+---------------------------------+---------+----------+--------+-------------+5| email | [email protected] | default | internal | false | |6| password | ***** | default | internal | true | |7| registry | https://index.docker.io/v2/ | default | internal | false | |8| username | diosodtuono | default | internal | false | |9+----------+---------------------------------+---------+----------+--------+-------------+Copied!
- 2.Create the KubeTruth override below in the namespace where KubeTruth is operating. This will automatically base64 encode and create the K8s
kubernetes.io/dockerconfigjsonSecret based on your docker login and registry information in the CloudTruth project.- 1.1kubectl apply -n demokubetruth -f - <<EOF2apiVersion: kubetruth.cloudtruth.com/v13kind: ProjectMapping4metadata:5name: docker-configure6spec:7resource_templates:8docker: |9apiVersion: v110kind: Secret11metadata:12name: docker-reg-cred13type: kubernetes.io/dockerconfigjson14data:15.dockerconfigjson: |1617{% capture auth -%}18{{parameters["username"] }}:{{secrets["password"]}}19{%- endcapture -%}20{% assign auth64 = auth | encode64 %}21{%- capture dockerconfigjson -%}22{"auths":{"{{ parameters["registry"] }}":{"username":"{{ parameters["username"] }}","password":"{{secrets["password"]}}","email":"{{ parameters["email"] }}","auth":"{{auth64}}"}}}23{%- endcapture -%}2425{{ dockerconfigjson | encode64 }}26scope: override27project_selector: dockerconfigure28skip: false29EOFCopied!
- 2.You can now inspect the secret and use the created secret in pods.
kubectl get secret docker-reg-cred --output=yaml -n demokubetruth
Last modified 2mo ago
Copy link