From 8d11479a6ecab51fefe09e6b89c8ad294eb616b3 Mon Sep 17 00:00:00 2001 From: Eric Date: Sat, 13 Jan 2024 00:31:45 +0000 Subject: [PATCH 1/3] docs: add guide for template imagepullsecret --- docs/guides/example-guide.md | 2 +- docs/guides/gcp-to-aws.md | 10 ++++ docs/guides/image-pull-secret.md | 78 ++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 docs/guides/image-pull-secret.md diff --git a/docs/guides/example-guide.md b/docs/guides/example-guide.md index 820a6f3ffecdd..f0f0dc9bd75ee 100644 --- a/docs/guides/example-guide.md +++ b/docs/guides/example-guide.md @@ -3,7 +3,7 @@
Your Name - +
December 13, 2023 diff --git a/docs/guides/gcp-to-aws.md b/docs/guides/gcp-to-aws.md index de35650bd4c8e..35cfef89fe911 100644 --- a/docs/guides/gcp-to-aws.md +++ b/docs/guides/gcp-to-aws.md @@ -1,5 +1,15 @@ # Federating a Google Cloud service account to AWS +
+ + Your Name + + +
+January 4, 2024 + +--- + This guide will walkthrough how to use a Google Cloud service account to authenticate the Coder control plane to AWS and create an EC2 workspace. The below steps assume your Coder control plane is running in Google Cloud and has diff --git a/docs/guides/image-pull-secret.md b/docs/guides/image-pull-secret.md new file mode 100644 index 0000000000000..21260e378e540 --- /dev/null +++ b/docs/guides/image-pull-secret.md @@ -0,0 +1,78 @@ +# Defining ImagePullSecrets for Coder workspaces + +
+ + Your Name + + +
+January 12, 2024 + +--- + +Coder workspaces are commonly run as Kubernetes pods. When run inside of an enterprise, +the pod image is typically pulled from a private image registry. This guide walks +through creating an ImagePullSecret to use for authenticating to your registry. + +## 1. Create Docker Config JSON File + +Create a Docker configuration JSON file containing your registry credentials. +Replace ``, ``, and `` with your +actual Docker registry URL, username, and password. + +```json +{ + "auths": { + "": { + "username": "", + "password": "" + } + } +} +``` + +## 2. Create Kubernetes Secret + +Run the below `kubectl` command in the K8s cluster where you intend to run your Coder +workspaces: + +```console +kubectl create secret generic regcred \ + --from-file=.dockerconfigjson= \ + --type=kubernetes.io/dockerconfigjson \ + --namespace= +``` + +Inspect the secret to confirm its contents: + +```console +kubectl get secret -n regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode +``` + +The output should look similar to this: + +```json +{"auths":{"your.private.registry.com":{"username":"ericpaulsen","password":"xxxx","auth":"c3R...zE2"}}} +``` + +## 3. Define ImagePullSecret in Terraform template + +```hcl +resource "kubernetes_pod" "dev" { + metadata { + # this must be the same namespace where workspaces will be deployed + namespace = "workspaces-namespace" + } + + spec { + image_pull_secrets { + name = "regcred" + } + container { + name = "dev" + image = "your-image:latest" + } + } +} +``` + From c126eb1347da838b856334f1f63d0aad00460c8f Mon Sep 17 00:00:00 2001 From: Eric Date: Sat, 13 Jan 2024 00:35:51 +0000 Subject: [PATCH 2/3] add: manifest --- docs/guides/image-pull-secret.md | 4 ++-- docs/manifest.json | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/guides/image-pull-secret.md b/docs/guides/image-pull-secret.md index 21260e378e540..ffd5d0dc23728 100644 --- a/docs/guides/image-pull-secret.md +++ b/docs/guides/image-pull-secret.md @@ -12,7 +12,8 @@ January 12, 2024 Coder workspaces are commonly run as Kubernetes pods. When run inside of an enterprise, the pod image is typically pulled from a private image registry. This guide walks -through creating an ImagePullSecret to use for authenticating to your registry. +through creating an ImagePullSecret to use for authenticating to your registry, +and defining it in your workspace template. ## 1. Create Docker Config JSON File @@ -75,4 +76,3 @@ resource "kubernetes_pod" "dev" { } } ``` - diff --git a/docs/manifest.json b/docs/manifest.json index 4dbfc875b42df..149770ff17101 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -1020,6 +1020,11 @@ "title": "Google to AWS Federation", "description": "Federating a Google Cloud service account to AWS", "path": "./guides/gcp-to-aws.md" + }, + { + "title": "Template ImagePullSecrets", + "description": "Creating ImagePullSecrets for private registries", + "path": "./guides/image-pull-secret.md" } ] } From 78c01c0338534f3d72d5d6faea88122247f682b5 Mon Sep 17 00:00:00 2001 From: Eric Date: Sat, 13 Jan 2024 00:39:37 +0000 Subject: [PATCH 3/3] make: fmt --- docs/guides/image-pull-secret.md | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/guides/image-pull-secret.md b/docs/guides/image-pull-secret.md index ffd5d0dc23728..661f104ebea9e 100644 --- a/docs/guides/image-pull-secret.md +++ b/docs/guides/image-pull-secret.md @@ -10,10 +10,10 @@ January 12, 2024 --- -Coder workspaces are commonly run as Kubernetes pods. When run inside of an enterprise, -the pod image is typically pulled from a private image registry. This guide walks -through creating an ImagePullSecret to use for authenticating to your registry, -and defining it in your workspace template. +Coder workspaces are commonly run as Kubernetes pods. When run inside of an +enterprise, the pod image is typically pulled from a private image registry. +This guide walks through creating an ImagePullSecret to use for authenticating +to your registry, and defining it in your workspace template. ## 1. Create Docker Config JSON File @@ -34,8 +34,8 @@ actual Docker registry URL, username, and password. ## 2. Create Kubernetes Secret -Run the below `kubectl` command in the K8s cluster where you intend to run your Coder -workspaces: +Run the below `kubectl` command in the K8s cluster where you intend to run your +Coder workspaces: ```console kubectl create secret generic regcred \ @@ -53,7 +53,15 @@ kubectl get secret -n regcred --output="jsonpath={.data.\ The output should look similar to this: ```json -{"auths":{"your.private.registry.com":{"username":"ericpaulsen","password":"xxxx","auth":"c3R...zE2"}}} +{ + "auths": { + "your.private.registry.com": { + "username": "ericpaulsen", + "password": "xxxx", + "auth": "c3R...zE2" + } + } +} ``` ## 3. Define ImagePullSecret in Terraform template