Create image pull Secrets
Create an image pull Secret with kubectl to allow DevWorkspace Pods to access container registries that require authentication.
You can create image pull Secrets by using kubectl or a .dockercfg file or a config.json file.
Create an image pull Secret with kubectl
-
You have an active
kubectlsession with your namespace. See Overview of kubectl.
-
In your user namespace, create an image pull Secret with your private container registry details and credentials:
$ kubectl create secret docker-registry <Secret_name> \ --docker-server=<registry_server> \ --docker-username=<username> \ --docker-password=<password> \ --docker-email=<email_address> -
Add the following label to the image pull Secret:
$ kubectl label secret <Secret_name> controller.devfile.io/devworkspace_pullsecret=true controller.devfile.io/watch-secret=true
Create an image pull Secret from a .dockercfg file
If you already store the credentials for the private container registry in a .dockercfg file, you can use that file to create an image pull Secret.
-
You have an active
kubectlsession with your namespace. See Overview of kubectl. -
You have
base64command-line tools installed.
-
Encode the
.dockercfgfile to Base64:$ cat .dockercfg | base64 | tr -d '\n'
-
Create a new Kubernetes Secret in your user namespace:
apiVersion: v1 kind: Secret metadata: name: <Secret_name> labels: controller.devfile.io/devworkspace_pullsecret: 'true' controller.devfile.io/watch-secret: 'true' data: .dockercfg: <Base64_content_of_.dockercfg> type: kubernetes.io/dockercfg -
Apply the Secret:
$ kubectl apply -f - <<EOF <Secret_prepared_in_the_previous_step> EOF
Create an image pull Secret from a config.json file
If you already store the credentials for the private container registry in a $HOME/.docker/config.json file, you can use that file to create an image pull Secret.
-
You have an active
kubectlsession with your namespace. See Overview of kubectl. -
You have
base64command-line tools installed.
-
Encode the
$HOME/.docker/config.jsonfile to Base64.$ cat config.json | base64 | tr -d '\n'
-
Create a new Kubernetes Secret in your user namespace:
apiVersion: v1 kind: Secret metadata: name: <Secret_name> labels: controller.devfile.io/devworkspace_pullsecret: 'true' controller.devfile.io/watch-secret: 'true' data: .dockerconfigjson: <Base64_content_of_config.json> type: kubernetes.io/dockerconfigjson -
Apply the Secret:
$ kubectl apply -f - <<EOF <Secret_prepared_in_the_previous_step> EOF