{{tag>pulumi docker secret aws go}}

====== Create a Docker config Secret for private image pulling in Pulumi ======
<code>
...
	// Define the GitHub token secret
	ghTokenSecret, err := corev1.NewSecret(ctx, "ghTokenSecret", &corev1.SecretArgs{
		Metadata: &metav1.ObjectMetaArgs{
			Name:      pulumi.String("github-token-secret"),
			Namespace: serviceNamespace.Metadata.Name(),
		},
		StringData: pulumi.StringMap{
			".dockerconfigjson": pulumi.String(`{
							"auths": {
									"ghcr.io": {
											"auth": "<base64 encoded string>"
									}
							}
					}`),
		},
		Type: pulumi.String("kubernetes.io/dockerconfigjson"),
	}, pulumi.Provider(k8sProvider))

	if err != nil {
		return err
	}
...
</code>

Tweak the "auths" key above to your config. You can get the "auth" base64 value directly from your machine (''~/.docker/config.json'') and c/p it here. The value is just a concatenation of your username and pwd/token and you can create it like this:

  echo -n "myusername:password1234" |base64 -w 0

Later you can reference the secret, for example in deployment:

<code>
...
	_, err = appsv1.NewDeployment(ctx, "my-deployment", &appsv1.DeploymentArgs{
		Metadata: &metav1.ObjectMetaArgs{
			Labels:    appLabels,
			Namespace: serviceNamespace.Metadata.Name(),
		},
		Spec: &appsv1.DeploymentSpecArgs{
			Selector: &metav1.LabelSelectorArgs{
				MatchLabels: appLabels,
			},
			Replicas: pulumi.Int(1),
			Template: &corev1.PodTemplateSpecArgs{
				Metadata: &metav1.ObjectMetaArgs{
					Labels: appLabels,
				},
				Spec: &corev1.PodSpecArgs{
					Containers: corev1.ContainerArray{
						&corev1.ContainerArgs{
							Name:  pulumi.String("my-app"),
							Image: pulumi.String(dockerImage), // Change to your Docker image
							Ports: corev1.ContainerPortArray{
								&corev1.ContainerPortArgs{
									ContainerPort: pulumi.Int(appPort),
								},
							},
						},
					},
					ImagePullSecrets: corev1.LocalObjectReferenceArray{
						&corev1.LocalObjectReferenceArgs{
							Name: ghTokenSecret.Metadata.Name(),
						},
					},
				},
			},
		},
	}, pulumi.Provider(k8sProvider))
...
</code>

====== Tested on ======
  * 

====== See also ======
  * [[wiki:nginx_proxy_pass_different_domain_k8s|nginx proxy pass to a different domain in k8s]]
  * [[https://github.com/pulumi/examples/|Pulumi examples]]
====== References ======
  * https://github.com/pulumi/pulumi-kubernetesx/issues/49