docs: add guide for template imagepullsecret

coder · sharkymark · Jan 13, 2024 · Jan 13, 2024 · Jan 13, 2024 · Jan 13, 2024
commit 8d11479a6ecab51fefe09e6b89c8ad294eb616b3
diff --git a/docs/guides/example-guide.md b/docs/guides/example-guide.md
@@ -3,7 +3,7 @@
 <div>
   <a href="https://github.com/<your_github_handle>" style="text-decoration: none; color: inherit;">
     <span style="vertical-align:middle;">Your Name</span>
-    <img src="<your_github_profile_photo_url>" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
+    <img src="https://github.com/ericpaulsen.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
   </a>
 </div>
 December 13, 2023

diff --git a/docs/guides/gcp-to-aws.md b/docs/guides/gcp-to-aws.md
@@ -1,5 +1,15 @@
 # Federating a Google Cloud service account to AWS
 
+<div>
+  <a href="https://github.com/ericpaulsen" style="text-decoration: none; color: inherit;">
+    <span style="vertical-align:middle;">Your Name</span>
+    <img src="https://github.com/ericpaulsen.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
+  </a>
+</div>
+January 4, 2024
+
+---
+
 This guide will walkthrough how to use a Google Cloud service account to
 authenticate the Coder control plane to AWS and create an EC2 workspace. The
 below steps assume your Coder control plane is running in Google Cloud and has

diff --git a/docs/guides/image-pull-secret.md b/docs/guides/image-pull-secret.md
@@ -0,0 +1,78 @@
+# Defining ImagePullSecrets for Coder workspaces
+
+<div>
+  <a href="https://github.com/ericpaulsen" style="text-decoration: none; color: inherit;">
+    <span style="vertical-align:middle;">Your Name</span>
+    <img src="https://github.com/ericpaulsen.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
+  </a>
+</div>
+January 12, 2024
+
+---
+
+Coder workspaces are commonly run as Kubernetes pods. When run inside of an enterprise,
+the pod image is typically pulled from a private image registry. This guide walks
+through creating an ImagePullSecret to use for authenticating to your registry.
+
+## 1. Create Docker Config JSON File
+
+Create a Docker configuration JSON file containing your registry credentials.
+Replace `<your-registry>`, `<your-username>`, and `<your-password>` with your
+actual Docker registry URL, username, and password.
+
+```json
+{
+  "auths": {
+    "<your-registry>": {
+      "username": "<your-username>",
+      "password": "<your-password>"
+    }
+  }
+}
+```
+
+## 2. Create Kubernetes Secret
+
+Run the below `kubectl` command in the K8s cluster where you intend to run your Coder
+workspaces:
+
+```console
+kubectl create secret generic regcred \
+  --from-file=.dockerconfigjson=<path-to-docker-config.json> \
+  --type=kubernetes.io/dockerconfigjson \
+  --namespace=<workspaces-namespace>
+```
+
+Inspect the secret to confirm its contents:
+
+```console
+kubectl get secret -n <workspaces-namespace> regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
+```
+
+The output should look similar to this:
+
+```json
+{"auths":{"your.private.registry.com":{"username":"ericpaulsen","password":"xxxx","auth":"c3R...zE2"}}}
+```
+
+## 3. Define ImagePullSecret in Terraform template
+
+```hcl
+resource "kubernetes_pod" "dev" {
+  metadata {
+    # this must be the same namespace where workspaces will be deployed
+    namespace = "workspaces-namespace"
+  }
+
+  spec {
+    image_pull_secrets {
+      name = "regcred"
+    }
+    container {
+      name  = "dev"
+      image = "your-image:latest"
+    }
+  }
+}
+```
+