https://pulumi.com logo
#general
Title
# general
c

cold-train-5848

11/05/2018, 10:43 PM
I'm trying to build a docker image and push it to a local private docker registry and then to Kubernetes, similar to the example here: https://blog.pulumi.com/program-kubernetes-with-11-cloud-native-pulumi-pearls#8__Build_and_Deploy_Container_Images_A_longside_Configuration_Updates_322 I got it to build and push the docker registry, but when I try to deploy it Kubernetes, I get the following error:
kubernetes:apps:Deployment lds updating warning: 1 Pods failed to run because: [ImagePullBackOff] Back-off pulling image "127.0.0.1:5000/api_gateway_go:f61cb689da..."
. I suspect it's because the credentials are not passed on. Is there some magic way to pass Docker private registry credentials to Kubernetes? Or I need to do something manually similar to what in https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
c

creamy-potato-29402

11/05/2018, 10:44 PM
@cold-train-5848 you probably need to include an image pull secret in your deployment?
for example.
c

cold-train-5848

11/05/2018, 11:48 PM
Yes, I saw that, but I hoped that there was an easier way to do it. I got it working at the end, but it was a bit tricky:
Copy code
const imagePullSecret = new k8s.core.v1.Secret("regcred", {
  type: "<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>",
  metadata: { name: "regcred" },
  data: {
    ".dockerconfigjson": Buffer.from(
      JSON.stringify({
        auths: {
          "127.0.0.1:5000": {
            username: config.require("dockerUsername"),
            password: config.require("dockerPassword"),
            auth: Buffer.from(
              `${config.require("dockerUsername")}:${config.require(
                "dockerPassword"
              )}`
            ).toString("base64")
          }
        }
      })
    ).toString("base64")
  }
});

const appLabels = { app: appName };
const myaPpDeployment = new k8s.apps.v1beta1.Deployment(appName, {
  spec: {
    selector: { matchLabels: appLabels },
    replicas: 1,
    template: {
      metadata: { labels: appLabels },
      spec: {
        imagePullSecrets: [{ name: "regcred" }],
        // Use the app container at the specific SHA pushed.
        containers: [
          {
            name: appName,
            image: myaPpDocker.imageName
          }
        ]
      }
    }
  }
});
c

creamy-potato-29402

11/05/2018, 11:50 PM
Some day we will raise the level of abstraction.
but for now it’s pretty much just the kubernetes API.