From e1703923031e29373c65c99ccddf195ea1e7aa96 Mon Sep 17 00:00:00 2001 From: Michael Venezia Date: Thu, 12 Oct 2017 16:09:46 -0400 Subject: [PATCH] Adding how to add an image pull secret in helm (#3022) Document how to add an image pull secret in Helm Provide an example of how to take an image registry, user name, and password and prepare a Secret that can be used by a pod to pull a protected container image. --- docs/charts_tips_and_tricks.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/docs/charts_tips_and_tricks.md b/docs/charts_tips_and_tricks.md index 0ed1ab83e..885c30085 100644 --- a/docs/charts_tips_and_tricks.md +++ b/docs/charts_tips_and_tricks.md @@ -96,6 +96,35 @@ For example: The above will render the template when .Values.foo is defined, but will fail to render and exit when .Values.foo is undefined. +## Creating Image Pull Secrets +Image pull secrets are essentially a combination of _registry_, _username_, and _password_. You may need them in an application you are deploying, but to create them requires running _base64_ a couple of times. We can write a helper template to compose the Docker configuration file for use as the Secret's payload. Here is an example: + +First, assume that the credentials are defined in the `values.yaml` file like so: +``` +imageCredentials: + registry: quay.io + username: someone + password: sillyness +``` + +We then define our helper template as follows: +``` +{{- define "imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }} +{{- end }} +``` + +Finally, we use the helper template in a larger template to create the Secret manifest: +``` +apiVersion: v1 +kind: Secret +metadata: + name: myregistrykey +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +``` + ## Automatically Roll Deployments When ConfigMaps or Secrets change Often times configmaps or secrets are injected as configuration