wiki:create_docker_config_secret_private_image_pulling_pulumi
Table of Contents
Create a Docker config Secret for private image pulling in Pulumi
...
// Define the GitHub token secret
ghTokenSecret, err := corev1.NewSecret(ctx, "ghTokenSecret", &corev1.SecretArgs{
Metadata: &metav1.ObjectMetaArgs{
Name: pulumi.String("github-token-secret"),
Namespace: serviceNamespace.Metadata.Name(),
},
StringData: pulumi.StringMap{
".dockerconfigjson": pulumi.String(`{
"auths": {
"ghcr.io": {
"auth": "<base64 encoded string>"
}
}
}`),
},
Type: pulumi.String("kubernetes.io/dockerconfigjson"),
}, pulumi.Provider(k8sProvider))
if err != nil {
return err
}
...
Tweak the “auths” key above to your config. You can get the “auth” base64 value directly from your machine (~/.docker/config.json) and c/p it here. The value is just a concatenation of your username and pwd/token and you can create it like this:
echo -n "myusername:password1234" |base64 -w 0
Later you can reference the secret, for example in deployment:
...
_, err = appsv1.NewDeployment(ctx, "my-deployment", &appsv1.DeploymentArgs{
Metadata: &metav1.ObjectMetaArgs{
Labels: appLabels,
Namespace: serviceNamespace.Metadata.Name(),
},
Spec: &appsv1.DeploymentSpecArgs{
Selector: &metav1.LabelSelectorArgs{
MatchLabels: appLabels,
},
Replicas: pulumi.Int(1),
Template: &corev1.PodTemplateSpecArgs{
Metadata: &metav1.ObjectMetaArgs{
Labels: appLabels,
},
Spec: &corev1.PodSpecArgs{
Containers: corev1.ContainerArray{
&corev1.ContainerArgs{
Name: pulumi.String("my-app"),
Image: pulumi.String(dockerImage), // Change to your Docker image
Ports: corev1.ContainerPortArray{
&corev1.ContainerPortArgs{
ContainerPort: pulumi.Int(appPort),
},
},
},
},
ImagePullSecrets: corev1.LocalObjectReferenceArray{
&corev1.LocalObjectReferenceArgs{
Name: ghTokenSecret.Metadata.Name(),
},
},
},
},
},
}, pulumi.Provider(k8sProvider))
...
Tested on
See also
References
wiki/create_docker_config_secret_private_image_pulling_pulumi.txt · Last modified: 2025/02/19 15:11 by antisa