Terraform-provider-kubernetes: Cant create imagePullSecret

Created on 26 Oct 2017 · 7Comments · Source: hashicorp/terraform-provider-kubernetes

Hi there,

Terraform Version

Terraform v0.10.7

Affected Resource(s)

Please list the resources as a list, for example:

kubernetes secret

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Terraform Configuration Files

resource "kubernetes_secret" "regsecret" {
  metadata {
    name = "regsecret"
    namespace = "${var.namespace}"
  }

  data {
    docker-server = "${var.docker_server}"
    docker-username = "${var.docker_username}"
    docker-password = "${var.docker_password}"
    docker-email = "${var.docker_email}"
  }

  type = "kubernetes.io/dockercfg"
}

Debug Output

module.k8s_cluster_init.kubernetes_secret.regsecret: 1 error(s) occurred:
kubernetes_secret.regsecret: Secret "regsecret" is invalid: data[.dockercfg]: Required value

Expected Behavior

create imagepullsecret

Actual Behavior

failed to create

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

terraform apply

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

question

Source

shavo007

Most helpful comment

Hi @shavo007 + @pycaster
As far as I know, secrets of type kubernetes.io/dockercfg can only contain a single data item named .dockercfg.

As documented - the kubectl tool is taking the individual docker auth params (server, user, email, password) and constructing the dockercfg json structure before submitting to the Kubernetes API as the value for the .dockercfg secret item.

I've used something like this in the past to create the image pull secrets structure:

locals {
  dockercfg = {
    "${var.docker_server}" = {
      email    = "${var.docker_email}"
      username = "${var.docker_username}"
      password = "${var.docker_password}"
    }
  }
}

resource "kubernetes_secret" "regsecret" {
  metadata {
    name = "regsecret"
  }

  data {
    ".dockercfg" = "${ jsonencode(local.dockercfg) }"
  }

  type = "kubernetes.io/dockercfg"
}

sl1pm4t on 22 Nov 2017

👍14 🎉7 🚀1

All 7 comments

Any updates on this? I ran into the same issue.

pycaster on 22 Nov 2017

👍1

Hi @shavo007 + @pycaster
As far as I know, secrets of type kubernetes.io/dockercfg can only contain a single data item named .dockercfg.

I've used something like this in the past to create the image pull secrets structure:

locals {
  dockercfg = {
    "${var.docker_server}" = {
      email    = "${var.docker_email}"
      username = "${var.docker_username}"
      password = "${var.docker_password}"
    }
  }
}

resource "kubernetes_secret" "regsecret" {
  metadata {
    name = "regsecret"
  }

  data {
    ".dockercfg" = "${ jsonencode(local.dockercfg) }"
  }

  type = "kubernetes.io/dockercfg"
}

sl1pm4t on 22 Nov 2017

👍14 🎉7 🚀1

@sl1pm4t . Just the right recipe. Works great. Thanks.

pycaster on 23 Nov 2017

@pycaster + @shavo007 can this issue be closed?

sl1pm4t on 20 Dec 2017

@sl1pm4t . Please do.

pycaster on 25 Dec 2017

Haven't had a chance to test it out. If it works, all good.

shavo007 on 26 Dec 2017

its working.