I m trying to setup pulumi to pull an image from a private r Pulumi Community #kubernetes

I'm trying to setup pulumi to pull an image from a...

gorgeous-elephant-23271

04/14/2020, 8:06 PM

I'm trying to setup pulumi to pull an image from a private registry (Azure ACR), so I've created a secret called

acr

with

kubectl

and referenced it in my

PodBuilder

using pulumi/kuberentesx:

Copy code

imagePullSecrets: [{
        name: "acr",
    }]

but then I'm still getting

unauthorized: authentication required

when k8s is trying to pull the image

gorgeous-egg-16927

04/14/2020, 8:10 PM

I’m not very familiar with ACR, but we’ve got this example that might help: https://www.pulumi.com/docs/guides/crosswalk/kubernetes/apps/#build-and-deploy-a-container I notice it doesn’t use

imagePullSecrets

, so it may have something to do with the resource group or other permissions like that

gorgeous-elephant-23271

04/14/2020, 8:11 PM

that's using the built in support for ECR it looks like, and refers to the image directly instead of by repo/name

gorgeous-egg-16927

04/14/2020, 8:11 PM

There’s a cloud provider switcher at the top of the page

🤯 1

gorgeous-elephant-23271

04/14/2020, 8:12 PM

thanks, will give that a go!

👍 1

gorgeous-elephant-23271

04/14/2020, 8:13 PM

would pulumi be ok if I wanted to manage it separately? i.e. it wont blow up if that resource already exists and its not in the current state?

gorgeous-elephant-23271

04/14/2020, 8:14 PM

I could use pulumi to manage it, but feel like the registry lives out the normal infra lifecycle

gorgeous-egg-16927

04/14/2020, 8:14 PM

Right; pulumi won’t delete any resources you’re not explicitly managing

gorgeous-elephant-23271

04/14/2020, 8:14 PM

great, thanks

gorgeous-egg-16927

04/14/2020, 8:14 PM

You can import existing resources to manage with pulumi, but it doesn’t happen by default

gorgeous-elephant-23271

04/14/2020, 8:15 PM

how might I do that?

gorgeous-egg-16927

04/14/2020, 8:15 PM

https://www.pulumi.com/blog/adopting-existing-cloud-resources-into-pulumi/

gorgeous-elephant-23271

04/14/2020, 8:15 PM

awesome, thanks!

👍 1

gorgeous-elephant-23271

04/14/2020, 8:23 PM

I think the big insight there is to declare a separate

docker.Image

that contains the login details 🙂

gorgeous-elephant-23271

04/14/2020, 8:32 PM

hmm it looks like those samples build a local image before uploading - the

build

property is required

gorgeous-elephant-23271

04/14/2020, 8:32 PM

I just want to reference a remote image

gorgeous-elephant-23271

04/14/2020, 8:33 PM

docs refer to the registry there as : /** * Credentials for the docker registry to push to. */ registry?: pulumi.Input<ImageRegistry>;

gorgeous-egg-16927

04/14/2020, 8:40 PM

Again, I’m not very familiar with ACR, but their example doesn’t show an

imagePullSecret

either: https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-application#update-the-manifest-file

gorgeous-elephant-23271

04/14/2020, 8:43 PM

ahhh, they do it by 'attaching' the ACR: https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration

gorgeous-elephant-23271

04/14/2020, 8:43 PM

ugh

gorgeous-elephant-23271

04/14/2020, 9:34 PM

omg, problem was a missing

latest

tag (I thought it was added automatically by tooling) - lead to unauthorized instead of 404

17 Views

Open in Slack

Previous Next