Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- $ kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
- $ gcloud auth print-access-token
- apiVersion: v1
- kind: Secret
- metadata:
- name: mykey
- data:
- .dockercfg: <paste base64 encoded string here>
- type: kubernetes.io/dockercfg
- apiVersion: v1
- kind: Pod
- metadata:
- name: foo
- namespace: awesomeapps
- spec:
- containers:
- - image: "janedoe/awesomeapp:v1"
- name: foo
- imagePullSecrets:
- - name: mykey
- kubectl create secret docker-registry mydockercfg
- --docker-server "https://eu.gcr.io"
- --docker-username _json_key
- --docker-email not@val.id
- --docker-password=$(cat your_service_account.json)
- eu.artifacts.{project-id}.appspot.com
- $ docker login -e 1234@5678.com -u _json_key -p "$JSON_KEY" https://gcr.io
- export GCR_KEY_JSON=$(cat ~/secret.json | tr -d 'n')
- mv ~/.docker/config.json ~/.docker/config-orig.json
- cat >~/.docker/config.json <<EOL
- {
- "auths": {
- "gcr.io": {}
- }
- }
- EOL
- docker login -e not@val.id -u _json_key -p "$GCR_KEY_JSON" https://gcr.io
- export DOCKER_CONFIG_JSON_NO_NEWLINES=$(cat ~/.docker/config.json | tr -d 'n')
- mv ~/.docker/config-orig.json ~/.docker/config.json
- cat >secrets.yaml <<EOL
- apiVersion: v1
- kind: Secret
- metadata:
- name: gcr-key
- data:
- .dockerconfigjson: $(echo -n ${DOCKER_CONFIG_JSON_NO_NEWLINES} | base64 | tr -d 'n')
- type: kubernetes.io/dockerconfigjson
- EOL
- kubectl create -f secrets.yaml
- spec:
- imagePullSecrets:
- - name: gcr-key
- containers:
- - image: ...
- gsutil iam ch serviceAccount:[EMAIL-ADDRESS]:objectViewer gs://[BUCKET_NAME]
- artifacts.[PROJECT-ID].appspot.com for images pushed to gcr.io/[PROJECT-ID], or
- [REGION].artifacts.[PROJECT-ID].appspot.com, where [REGION] is:
- us for registry us.gcr.io
- eu for registry eu.gcr.io
- asia for registry asia.gcr.io
- The email address of the service account called: **Compute Engine default service account** in the GCP project where the Kubernetes cluster run
Add Comment
Please, Sign In to add comment