From 77f51903cd45cdb06ba0efa494b8fd2a82c1129a Mon Sep 17 00:00:00 2001 From: Rajat Jindal Date: Tue, 27 Feb 2024 07:53:23 +0530 Subject: [PATCH] add section in docs on how to use image pull secrets Signed-off-by: Rajat Jindal --- README.md | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) diff --git a/README.md b/README.md index 3e1f3cf..207443a 100644 --- a/README.md +++ b/README.md @@ -96,3 +96,55 @@ Delete the app: ```sh kubectl delete spinapp hello-rust ``` + +### Working with images from private registries + +Support for pulling images from private registries can be enabled by using `--image-pull-secret ` flag, where `` is a secret of type [`docker-registry`](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) in same namespace as your SpinApp. + +To enable multiple private registries, you can provide the flag `--image-pull-secret` multiple times with secret for each registry that you wish to use. + +Create a secret with credentials for private registry + +```sh +$) kubectl create secret docker-registry registry-credentials \ + --docker-server=ghcr.io \ + --docker-username=bacongobbler \ + --docker-password=github-token + +secret/registry-credentials created +``` + +Verify that the secret is created + +```sh +$) kubectl get secret registry-credentials -o yaml + +apiVersion: v1 +data: + .dockerconfigjson: eyJhdXRocyI6eyJnaGNyLmlvIjp7InVzZXJuYW1lIjoiYmFjb25nb2JibGVyIiwicGFzc3dvcmQiOiJnaXRodWItdG9rZW4iLCJhdXRoIjoiWW1GamIyNW5iMkppYkdWeU9tZHBkR2gxWWkxMGIydGxiZz09In19fQ== +kind: Secret +metadata: + creationTimestamp: "2024-02-27T02:18:53Z" + name: registry-credentials + namespace: default + resourceVersion: "162287" + uid: 2e12ddd1-919d-44b5-b6cc-c3cd5c09fcec +type: kubernetes.io/dockerconfigjson +``` + +Use the secret when scaffolding the SpinApp + +```sh +$) spin k8s scaffold --from bacongobbler/hello-rust:latest --image-pull-secret registry-credentials + +apiVersion: core.spinoperator.dev/v1 +kind: SpinApp +metadata: + name: hello-rust +spec: + image: "bacongobbler/hello-rust:latest" + replicas: 2 + executor: containerd-shim-spin + imagePullSecrets: + - name: registry-credentials +```