calm-iron-40008
08/17/2022, 2:33 AMbillowy-army-68599
08/17/2022, 3:30 AMcalm-iron-40008
08/17/2022, 5:45 PM
# GitHub Registry Secret
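apiVersion: v1
data:
  # Base64 of the registry auth JSON. This is encoding, not encryption:
  # anyone who can read this manifest can recover the registry token,
  # so keep the file out of version control and shared logs.
  .dockerconfigjson: bunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encodedbunchesofrandomnessbase64encoded
kind: Secret
metadata:
  name: my-registry
  namespace: default
# Plain type string; the chat client's <url|label> link wrapper is not part of the value.
type: kubernetes.io/dockerconfigjson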
I also have a standard kubectl command
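# The server URL is written without the chat client's <...> link wrapper,
# which a shell would otherwise parse as input/output redirection.
# NOTE: a token passed via --docker-password ends up in shell history and is
# visible in the process list while the command runs; prefer supplying it from
# a protected source and rotate any token that was pasted into a terminal or chat.
kubectl create secret docker-registry my-registry --docker-server=https://ghcr.io --docker-username=my-username --docker-password=ghp_bunchesofrandomnesstoken --docker-email=email@mine.com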
What I’m hoping to do is create the secret using variables in the Pulumi config and pass that as a command into the Kubernetes cluster.
Here’s almost all of the ‘index.ts’ file. A YAML ConfigGroup follows it and loads the services from the designated folder; that works fine IF the registry secret has already been created. The ConfigFile at the bottom loads randomly (the secret is a dockerconfigjson YAML).
import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";
import * as k8s from "@pulumi/kubernetes";
import * as rabbitmq from "@pulumi/rabbitmq";
import * as path from "path";
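// ENVIRONMENT CONFIGURATIONS
// TODO: Complete local needs for Pulumi environments and secrets
// Config parameters contained within the stack YAML file
const config = new pulumi.Config();
const env_name = config.require("env_name");
const vpc_name = config.require("vpc_name");
const proxy_name = config.require("proxy_name");

// Create an EKS cluster with non-default configuration
// TODO: Finalize the variables for deployment and configuration
const vpc = new awsx.ec2.Vpc(vpc_name, {
  cidrBlock: "10.200.0.0/16",
  numberOfAvailabilityZones: 3,
  subnets: [{ type: "public" }, { type: "private" }],
});

const cluster = new eks.Cluster(env_name, {
  vpcId: vpc.id,
  publicSubnetIds: vpc.publicSubnetIds,
  privateSubnetIds: vpc.privateSubnetIds,
  // Worker nodes are not given public IP addresses.
  nodeAssociatePublicIpAddress: false,
  // instanceType: "m5a.xlarge",
  desiredCapacity: 3,
  minSize: 2,
  maxSize: 8,
  storageClasses: "gp2",
  deployDashboard: false,
  // Keep the API, audit and authenticator control-plane logs enabled so
  // access to the cluster can be reviewed later.
  enabledClusterLogTypes: ["api", "audit", "authenticator"],
});

// Export the cluster's kubeconfig.
// NOTE(review): anyone who can read stack outputs can read this value;
// wrapping it in pulumi.secret(...) would keep it encrypted in state.
// Confirm whether downstream consumers rely on the plain output first.
export const kubeconfig = cluster.kubeconfig;
export const awsinfo = cluster.provider.urn;

// Create a Kubernetes Namespace
const ns = new k8s.core.v1.Namespace(env_name, {}, { provider: cluster.provider });

// Export the Namespace name
export const namespaceName = ns.metadata.apply((m) => m.name);

// Create NGinX instances
const appLabels = { appClass: proxy_name };
const deployment = new k8s.apps.v1.Deployment(
  proxy_name,
  {
    metadata: { labels: appLabels },
    spec: {
      replicas: 2,
      selector: { matchLabels: appLabels },
      template: {
        metadata: { labels: appLabels },
        spec: {
          containers: [
            {
              name: proxy_name,
              image: "nginx:1.23.1-alpine",
              // NOTE(review): the stock nginx image serves plain HTTP on 80 unless a
              // TLS server block and certificate are mounted; confirm 443 is served.
              ports: [{ name: "https", containerPort: 443 }],
            },
          ],
        },
      },
    },
  },
  { provider: cluster.provider },
);

// dependsOn takes Resources. The exported kubeconfig is an Output value, not a
// Resource, so it cannot order anything; depend on the cluster itself instead.
const service = new k8s.core.v1.Service(
  proxy_name,
  {
    metadata: { labels: appLabels },
    spec: {
      type: "LoadBalancer",
      ports: [{ port: 443, targetPort: "https" }],
      selector: appLabels,
    },
  },
  { provider: cluster.provider, dependsOn: [cluster] },
);

// Export the URL for the load balanced service.
export const url = service.status.loadBalancer.ingress[0].hostname;

// Deploy Kubernetes Secrets
// The explicit provider sends these manifests to the EKS cluster created above,
// like every other Kubernetes resource here; without it they would go to
// whatever cluster the ambient kubeconfig points at.
// Anything that needs the registry secret (for example the YAML ConfigGroup
// that loads the services) should list `atsecrets` in its own dependsOn so the
// secret exists before the workloads pull images.
// NOTE(review): values under `data` in this file are only base64-encoded, not
// encrypted. Keep the file out of version control, or build the Secret from
// config.requireSecret(...) values instead.
const atsecrets = new k8s.yaml.ConfigFile(
  "atsecrets",
  { file: "./secrets/all-my-secrets.yaml" },
  { provider: cluster.provider, dependsOn: [cluster] },
);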
billowy-army-68599
08/18/2022, 12:04 AM
kubectl create secret docker-registry my-registry --docker-server=https://ghcr.io --docker-username=my-username --docker-password=ghp_bunchesofrandomnesstoken --docker-email=email@mine.com --dry-run -o yaml
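apiVersion: v1
data:
  # Base64 of the auth JSON built from the command-line arguments. It decodes
  # straight back to the username, token and email, so treat this output as
  # sensitive as the token itself.
  .dockerconfigjson: eyJhdXRocyI6eyJodHRwczovL2doY3IuaW8iOnsidXNlcm5hbWUiOiJteS11c2VybmFtZSIsInBhc3N3b3JkIjoiZ2hwX2J1bmNoZXNvZnJhbmRvbW5lc3N0b2tlbiIsImVtYWlsIjoiZW1haWxAbWluZS5jb20iLCJhdXRoIjoiYlhrdGRYTmxjbTVoYldVNloyaHdYMkoxYm1Ob1pYTnZabkpoYm1SdmJXNWxjM04wYjJ0bGJnPT0ifX19
kind: Secret
metadata:
  creationTimestamp: null
  name: my-registry
# Plain type string; the chat client's <url|label> link wrapper is not part of the value.
type: kubernetes.io/dockerconfigjson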
import * as pulumi from "@pulumi/pulumi";
import * as kubernetes from "@pulumi/kubernetes";
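// Registry credentials are read from stack config instead of being committed as
// a base64 literal (base64 is encoding, not encryption).
// The config key names below are constructed examples. Store the token with
// `pulumi config set --secret ghcrToken <token>` so it is encrypted in the
// stack file and stays marked secret in state.
const registryConfig = new pulumi.Config();
const ghcrUsername = registryConfig.require("ghcrUsername");
const ghcrEmail = registryConfig.get("ghcrEmail"); // optional; left out of the JSON when unset
const ghcrToken = registryConfig.requireSecret("ghcrToken");

// Build the .dockerconfigjson payload inside apply() so the token is only
// handled as a secret Output and is never a plain string in program text.
const dockerConfigJson = ghcrToken.apply((token) =>
  JSON.stringify({
    auths: {
      "https://ghcr.io": {
        username: ghcrUsername,
        password: token,
        email: ghcrEmail,
        auth: Buffer.from(`${ghcrUsername}:${token}`).toString("base64"),
      },
    },
  }),
);

// Image-pull secret for ghcr.io. `stringData` lets the API server do the base64
// encoding, and `type` is the plain string without the chat client's
// <url|label> link wrapper that had been pasted into it.
const my_registrySecret = new kubernetes.core.v1.Secret("my_registrySecret", {
  apiVersion: "v1",
  kind: "Secret",
  metadata: {
    name: "my-registry",
  },
  type: "kubernetes.io/dockerconfigjson",
  stringData: {
    ".dockerconfigjson": dockerConfigJson,
  },
});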
dockerconfigjson
fairly easily, but let me know if you have issues
calm-iron-40008
08/21/2022, 10:11 PM