sparse-intern-71089
03/23/2020, 2:05 AM
green-morning-1318
03/23/2020, 2:23 AM
{
  "auths": {
    "your.private.registry.example.com": {
      "username": "janedoe",
      "password": "xxxxxxxxxxx",
      "email": "jdoe@example.com",
      "auth": "c3R...zE2"
    }
  }
}
The auth part is base64-encoded and seems to be the username and password concatenated with a :
So if you know your registry server, username, password, and email address, you could construct the content of that file programmatically and create a secret like
new k8s.core.v1.Secret("myK8sSecret", {
  metadata: {
    // Kubernetes object names must be lowercase (DNS subdomain format)
    name: "image-pull-secret",
    namespace: "default"
  },
  type: "kubernetes.io/dockerconfigjson",
  data: {
    // values under `data` must be base64-encoded
    ".dockerconfigjson": toBase64(<the entire auth string>),
  }
})
In that case, the contents needed to generate the secret are always in your possession and should indeed never be in git.
Source for coming up with this potential solution: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#inspecting-the-secret-regcred
victorious-scientist-9866
03/23/2020, 2:24 AM
const deployToken = new k8s.core.v1.Secret("shrcc-deploy-token", {
  stringData: pulumi.all([
    config.requireSecret("deployTokenUsername"),
    config.requireSecret("deployTokenPassword"),
  ]).apply(([username, password]) => ({
    ".dockerconfigjson": JSON.stringify({
      auths: {
        "registry.gitlab.com": { username, password }
      }
    }),
  })),
  type: "kubernetes.io/dockerconfigjson",
}, { additionalSecretOutputs: ["stringData"], provider })
victorious-scientist-9866
03/23/2020, 2:27 AM
green-morning-1318
03/23/2020, 2:42 AM
green-morning-1318
03/23/2020, 2:43 AM
victorious-scientist-9866
03/23/2020, 3:01 AM
faint-motherboard-95438
03/30/2020, 10:29 PM