As of this writing Google Kubernetes Engine does not offer an auto-magic integration with Google Cloud Repositories.
We're left to our own devices, but you're in luck! In two steps you'll be up and running.
Step 1: Create service account
Step 2: Create the secret
Create a new Secret that contains the authentication information required by the docker daemon (aka docker config json).
You have two options:
Option #1: Auto-magic secret creation with terraform
Create a file called image-secret.tf and deploy the following resource:
Option #2: Manually create the secret
Use this if you're in a bind or want to test things out.
Please don't use this in a production environment, given the idempotency requirements of Infrastructure-as-Code.
kubectl create secret docker-registry gcr \
  --docker-server=gcr.io \
  --docker-username=_json_key \
  --docker-password="$(cat google-service-account-key.json)" \
  --docker-email=matthew@matthewdavis.io
Now patch the default service account (or the service account your pod(s) are currently using):
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gcr"}]}'
Test the contents of your secret:
kubectl get secret gcr -o jsonpath='{.data}'
echo "base64 output from above" | base64 -d
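Added example (not from the original post): Python that builds the docker config JSON which `kubectl create secret docker-registry` stores under the `.dockerconfigjson` key, and checks a Secret for the fields a gcr.io pull needs. The function names and the sample key are constructed for illustration.

```python
import base64
import json

def build_docker_config(key_json: str, server: str = "gcr.io",
                        email: str = "user@example.com") -> dict:
    """Build the docker config JSON that a docker-registry secret stores."""
    auth = base64.b64encode(f"_json_key:{key_json}".encode()).decode()
    return {"auths": {server: {"username": "_json_key", "password": key_json,
                               "email": email, "auth": auth}}}

def secret_manifest(name: str, config: dict) -> dict:
    """Wrap the config in a Secret of type kubernetes.io/dockerconfigjson."""
    payload = base64.b64encode(json.dumps(config).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": name},
            "type": "kubernetes.io/dockerconfigjson",
            "data": {".dockerconfigjson": payload}}

def check_secret(manifest: dict, server: str = "gcr.io") -> list:
    """Return a list of problems found; an empty list means it looks usable."""
    problems = []
    if manifest.get("type") != "kubernetes.io/dockerconfigjson":
        problems.append("wrong secret type")
    raw = manifest.get("data", {}).get(".dockerconfigjson")
    if raw is None:
        return problems + ["missing .dockerconfigjson key"]
    try:
        config = json.loads(base64.b64decode(raw))
    except ValueError:  # covers bad base64 and bad JSON
        return problems + [".dockerconfigjson is not base64-encoded JSON"]
    entry = config.get("auths", {}).get(server) if isinstance(config, dict) else None
    if not isinstance(entry, dict):
        return problems + [f"no auths entry for {server}"]
    if entry.get("username") != "_json_key":
        problems.append("username is not _json_key")
    try:
        key = json.loads(str(entry.get("password", "")))
    except ValueError:
        key = None
    if not isinstance(key, dict) or key.get("type") != "service_account":
        problems.append("password is not a service account key")
    return problems

# Constructed sample key (not a real credential).
SAMPLE_KEY = json.dumps({"type": "service_account", "project_id": "someproject1234",
                         "private_key": "CONSTRUCTED-PLACEHOLDER"})
SAMPLE_SECRET = secret_manifest("gcr", build_docker_config(SAMPLE_KEY))
```

To check a live secret, pass the parsed output of `kubectl get secret gcr -o json` to `check_secret`.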
Step 2: Employ imagePullSecrets
apiVersion: v1
kind: Pod
metadata:
  name: uses-private-registry
spec:
  containers:
    - name: private-reg-container
      image: gcr.io/someproject1234/myimage:v.1.2.3
  imagePullSecrets:
    - name: gcr