All of our service images are created and hosed in ghcr.io (GitHub Container Registry)… I cannot figure out how to use Pulumi to create the registry secret to enable the download of these images (currently EKS, but plans for Digital Ocean and Google Cloud)… Any help is appreciated. 1. I have the code code create the EKS cluster… 2. I have the code to install the NGinX proxy 3. I have the code to apply the ‘services’ YAML files… Between 1 and 2, I need to install this registry secret so that the YAML files will pull from ghcr.io successfully.

I set a reminder for this tomorrow. Will get back to you then

I have a basic YAML file for the secret

# GitHub Registry Secret
apiVersion: v1
data:
  .dockerconfigjson: bunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encoded
kind: Secret
metadata:
  name: my-registry
  namespace: default
type: <http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>

I also have a standard kubectl command

kubectl create secret docker-registry my-registry --docker-server=<https://ghcr.io> --docker-username=my-username --docker-password=ghp_bunchesofrandomnesstoken --docker-email=email@mine.com

What I’m hoping to do is create the secret using variables in the Pulumi config and pass that as a command into the Kubernetes cluster. Here’s the ‘index.ts’ file almost… There’s a YAML configgroup after this that loads the services from the designated folder, but that works fine IF the registry secret has been created. The configfile at the bottom loads randomly (the secret is a dockerjson config YAML)

import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
import * as rabbitmq from "@pulumi/rabbitmq";
import * as path from "path";

// ENVIRONMENT CONFIGURATIONS
// TODO: Complete local needs for Pulumi environments and secrets
// Config parameters contained within the stack YAML file
const config = new pulumi.Config();
const env_name = config.require("env_name");
const vpc_name = config.require( "vpc_name");
const proxy_name = config.require( "proxy_name");

// Create an EKS cluster with non-default configuration
// TODO: Finalize the variables for deployment and configuration
const vpc = new awsx.ec2.Vpc(vpc_name, { cidrBlock: "10.200.0.0/16", numberOfAvailabilityZones: 3, subnets: [{ type: "public"}, { type: "private"}], } );
const cluster = new eks.Cluster(env_name, {
    vpcId: vpc.id,
    publicSubnetIds: vpc.publicSubnetIds,
    privateSubnetIds: vpc.privateSubnetIds,
    nodeAssociatePublicIpAddress: false,
    // instanceType: "m5a.xlarge",
    desiredCapacity: 3,
    minSize: 2,
    maxSize: 8,
    storageClasses: "gp2",
    deployDashboard: false,
    enabledClusterLogTypes: [
        "api",
        "audit",
        "authenticator",
    ]
});

// Export the clusters' kubeconfig.
export const kubeconfig = cluster.kubeconfig;
export const awsinfo = cluster.provider.urn;

// Create a Kubernetes Namespace
const ns = new k8s.core.v1.Namespace(env_name, {}, { provider: cluster.provider });
// Export the Namespace name
export const namespaceName = ns.metadata.apply(m => m.name);
// Create NGinX instances
const appLabels = {appClass: proxy_name};
const deployment = new k8s.apps.v1.Deployment(proxy_name, {
    metadata: {labels: appLabels},
    spec: {
        replicas: 2,
        selector: {matchLabels: appLabels},
        template: {
            metadata: {labels: appLabels},
            spec: {
                containers: [{
                    name: proxy_name,
                    image: "nginx:1.23.1-alpine",
                    ports: [{name: "https", containerPort: 443 }]
                }],
            }
        }
    }
}, {provider: cluster.provider});
const service = new k8s.core.v1.Service(proxy_name, {
    metadata: {labels: appLabels},
    spec: {
        type: "LoadBalancer",
        ports: [{ port: 443, targetPort: "https"}],
        selector: appLabels,
    },
}, {provider: cluster.provider, dependsOn: kubeconfig});

// Export the URL for the load balanced service.
export const url = service.status.loadBalancer.ingress[0].hostname;

// Deploy Kubernetes Secrets
const atsecrets = new k8s.yaml.ConfigFile("atsecrets", {file: "./secrets/all-my-secrets.yaml", }, {dependsOn: kubeconfig});

@calm-iron-40008 really sorry for the delay getting back to you, crazy busy day!

@billowy-army-68599 that worked perfectly. for some reason, my original code would not allow the ‘.’ dot on the dockerconfigjson name without error. Thanks again.