Skip to content

docs: add guide for template ImagePullSecret #11608

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jan 13, 2024
Merged

docs: add guide for template ImagePullSecret #11608

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
8d11479
docs: add guide for template imagepullsecret
ericpaulsen Jan 13, 2024
c126eb1
add: manifest
ericpaulsen Jan 13, 2024
78c01c0
make: fmt
ericpaulsen Jan 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion docs/guides/example-guide.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@
<div>
<a href="https://github.com/<your_github_handle>" style="text-decoration: none; color: inherit;">
<span style="vertical-align:middle;">Your Name</span>
<img src="<your_github_profile_photo_url>" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
<img src="https://github.com/ericpaulsen.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
</a>
</div>
December 13, 2023
Expand Down
10 changes: 10 additions & 0 deletions docs/guides/gcp-to-aws.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,15 @@
# Federating a Google Cloud service account to AWS

<div>
<a href="https://github.com/ericpaulsen" style="text-decoration: none; color: inherit;">
<span style="vertical-align:middle;">Your Name</span>
<img src="https://github.com/ericpaulsen.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
</a>
</div>
January 4, 2024

---

This guide will walkthrough how to use a Google Cloud service account to
authenticate the Coder control plane to AWS and create an EC2 workspace. The
below steps assume your Coder control plane is running in Google Cloud and has
Expand Down
86 changes: 86 additions & 0 deletions docs/guides/image-pull-secret.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
# Defining ImagePullSecrets for Coder workspaces

<div>
<a href="https://github.com/ericpaulsen" style="text-decoration: none; color: inherit;">
<span style="vertical-align:middle;">Your Name</span>
<img src="https://github.com/ericpaulsen.png" width="24px" height="24px" style="vertical-align:middle; margin: 0px;"/>
</a>
</div>
January 12, 2024

---

Coder workspaces are commonly run as Kubernetes pods. When run inside of an
enterprise, the pod image is typically pulled from a private image registry.
This guide walks through creating an ImagePullSecret to use for authenticating
to your registry, and defining it in your workspace template.

## 1. Create Docker Config JSON File

Create a Docker configuration JSON file containing your registry credentials.
Replace `<your-registry>`, `<your-username>`, and `<your-password>` with your
actual Docker registry URL, username, and password.

```json
{
"auths": {
"<your-registry>": {
"username": "<your-username>",
"password": "<your-password>"
}
}
}
```

## 2. Create Kubernetes Secret

Run the below `kubectl` command in the K8s cluster where you intend to run your
Coder workspaces:

```console
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path-to-docker-config.json> \
--type=kubernetes.io/dockerconfigjson \
--namespace=<workspaces-namespace>
```

Inspect the secret to confirm its contents:

```console
kubectl get secret -n <workspaces-namespace> regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
```

The output should look similar to this:

```json
{
"auths": {
"your.private.registry.com": {
"username": "ericpaulsen",
"password": "xxxx",
"auth": "c3R...zE2"
}
}
}
```

## 3. Define ImagePullSecret in Terraform template

```hcl
resource "kubernetes_pod" "dev" {
metadata {
# this must be the same namespace where workspaces will be deployed
namespace = "workspaces-namespace"
}

spec {
image_pull_secrets {
name = "regcred"
}
container {
name = "dev"
image = "your-image:latest"
}
}
}
```
5 changes: 5 additions & 0 deletions docs/manifest.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1020,6 +1020,11 @@
"title": "Google to AWS Federation",
"description": "Federating a Google Cloud service account to AWS",
"path": "./guides/gcp-to-aws.md"
},
{
"title": "Template ImagePullSecrets",
"description": "Creating ImagePullSecrets for private registries",
"path": "./guides/image-pull-secret.md"
}
]
}
Expand Down