https://pulumi.com logo
Title
g

gorgeous-elephant-23271

04/14/2020, 8:06 PM
I'm trying to setup pulumi to pull an image from a private registry (Azure ACR), so I've created a secret called
acr
with
kubectl
and referenced it in my
PodBuilder
using pulumi/kuberentesx:
imagePullSecrets: [{
        name: "acr",
    }]
but then I'm still getting
unauthorized: authentication required
when k8s is trying to pull the image
g

gorgeous-egg-16927

04/14/2020, 8:10 PM
I’m not very familiar with ACR, but we’ve got this example that might help: https://www.pulumi.com/docs/guides/crosswalk/kubernetes/apps/#build-and-deploy-a-container I notice it doesn’t use
imagePullSecrets
, so it may have something to do with the resource group or other permissions like that
g

gorgeous-elephant-23271

04/14/2020, 8:11 PM
that's using the built in support for ECR it looks like, and refers to the image directly instead of by repo/name
g

gorgeous-egg-16927

04/14/2020, 8:11 PM
There’s a cloud provider switcher at the top of the page
🤯 1
g

gorgeous-elephant-23271

04/14/2020, 8:12 PM
thanks, will give that a go!
👍 1
would pulumi be ok if I wanted to manage it separately? i.e. it wont blow up if that resource already exists and its not in the current state?
I could use pulumi to manage it, but feel like the registry lives out the normal infra lifecycle
g

gorgeous-egg-16927

04/14/2020, 8:14 PM
Right; pulumi won’t delete any resources you’re not explicitly managing
g

gorgeous-elephant-23271

04/14/2020, 8:14 PM
great, thanks
g

gorgeous-egg-16927

04/14/2020, 8:14 PM
You can import existing resources to manage with pulumi, but it doesn’t happen by default
g

gorgeous-elephant-23271

04/14/2020, 8:15 PM
how might I do that?
g

gorgeous-elephant-23271

04/14/2020, 8:15 PM
awesome, thanks!
👍 1
I think the big insight there is to declare a separate
docker.Image
that contains the login details 🙂
hmm it looks like those samples build a local image before uploading - the
build
property is required
I just want to reference a remote image
docs refer to the registry there as : /**      * Credentials for the docker registry to push to.      */     registry?: pulumi.Input<ImageRegistry>;
g

gorgeous-egg-16927

04/14/2020, 8:40 PM
Again, I’m not very familiar with ACR, but their example doesn’t show an
imagePullSecret
either: https://docs.microsoft.com/en-us/azure/aks/tutorial-kubernetes-deploy-application#update-the-manifest-file
g

gorgeous-elephant-23271

04/14/2020, 8:43 PM
ugh
omg, problem was a missing
latest
tag (I thought it was added automatically by tooling) - lead to unauthorized instead of 404