diff --git a/docs/guides/example-guide.md b/docs/guides/example-guide.md index 820a6f3ffecdd..f0f0dc9bd75ee 100644 --- a/docs/guides/example-guide.md +++ b/docs/guides/example-guide.md @@ -3,7 +3,7 @@
Your Name - +
December 13, 2023 diff --git a/docs/guides/gcp-to-aws.md b/docs/guides/gcp-to-aws.md index de35650bd4c8e..35cfef89fe911 100644 --- a/docs/guides/gcp-to-aws.md +++ b/docs/guides/gcp-to-aws.md @@ -1,5 +1,15 @@ # Federating a Google Cloud service account to AWS +
+ + Your Name + + +
+January 4, 2024 + +--- + This guide will walkthrough how to use a Google Cloud service account to authenticate the Coder control plane to AWS and create an EC2 workspace. The below steps assume your Coder control plane is running in Google Cloud and has diff --git a/docs/guides/image-pull-secret.md b/docs/guides/image-pull-secret.md new file mode 100644 index 0000000000000..661f104ebea9e --- /dev/null +++ b/docs/guides/image-pull-secret.md @@ -0,0 +1,86 @@ +# Defining ImagePullSecrets for Coder workspaces + +
+ + Your Name + + +
+January 12, 2024 + +--- + +Coder workspaces are commonly run as Kubernetes pods. When run inside of an +enterprise, the pod image is typically pulled from a private image registry. +This guide walks through creating an ImagePullSecret to use for authenticating +to your registry, and defining it in your workspace template. + +## 1. Create Docker Config JSON File + +Create a Docker configuration JSON file containing your registry credentials. +Replace ``, ``, and `` with your +actual Docker registry URL, username, and password. + +```json +{ + "auths": { + "": { + "username": "", + "password": "" + } + } +} +``` + +## 2. Create Kubernetes Secret + +Run the below `kubectl` command in the K8s cluster where you intend to run your +Coder workspaces: + +```console +kubectl create secret generic regcred \ + --from-file=.dockerconfigjson= \ + --type=kubernetes.io/dockerconfigjson \ + --namespace= +``` + +Inspect the secret to confirm its contents: + +```console +kubectl get secret -n regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode +``` + +The output should look similar to this: + +```json +{ + "auths": { + "your.private.registry.com": { + "username": "ericpaulsen", + "password": "xxxx", + "auth": "c3R...zE2" + } + } +} +``` + +## 3. Define ImagePullSecret in Terraform template + +```hcl +resource "kubernetes_pod" "dev" { + metadata { + # this must be the same namespace where workspaces will be deployed + namespace = "workspaces-namespace" + } + + spec { + image_pull_secrets { + name = "regcred" + } + container { + name = "dev" + image = "your-image:latest" + } + } +} +``` diff --git a/docs/manifest.json b/docs/manifest.json index 4dbfc875b42df..149770ff17101 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -1020,6 +1020,11 @@ "title": "Google to AWS Federation", "description": "Federating a Google Cloud service account to AWS", "path": "./guides/gcp-to-aws.md" + }, + { + "title": "Template ImagePullSecrets", + "description": "Creating ImagePullSecrets for private registries", + "path": "./guides/image-pull-secret.md" } ] }