Terraform-provider-kubernetes: How to pull images from private registry when using Terraform Kubernetes provider

Created on 6 May 2020  ·  4 Comments  ·  Source: hashicorp/terraform-provider-kubernetes

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

How to pull images from private registry when using Terraform Kubernetes provider

My Terraform Configuration

data "google_client_config" "provider" {}
provider "kubernetes" {
  version = "~> 1.10.0"
  host    = google_container_cluster.default.endpoint
  token   = data.google_client_config.provider.access_token
  client_certificate = base64decode(
    google_container_cluster.default.master_auth[0].client_certificate,
  )
  client_key = base64decode(google_container_cluster.default.master_auth[0].client_key)
  cluster_ca_certificate = base64decode(
    google_container_cluster.default.master_auth[0].cluster_ca_certificate,
  )
}

resource "kubernetes_namespace" "staging" {
  metadata {
    name = "staging"
  }
}

#resource "kubernetes_secret" "example" {
#  metadata {
#    name = "docker-cfg"
#  }
#
#  data = {
#    ".dockerconfigjson" = "${file(".docker/config.json")}"
#  }
#
#  type = "kubernetes.io/dockerconfigjson"
#}

resource "google_compute_address" "default" {
  name   = var.network_name
  region = var.region
}

resource "kubernetes_service" "nginx" {
  metadata {
    namespace = kubernetes_namespace.staging.metadata[0].name
    name      = "nginx"
  }

  spec {
    selector = {
      run = "nginx"
    }

    session_affinity = "ClientIP"

    port {
      protocol    = "TCP"
      port        = 80
      target_port = 80
    }

    type             = "LoadBalancer"
    load_balancer_ip = google_compute_address.default.address
  }
}

resource "kubernetes_replication_controller" "nginx" {
  metadata {
    name      = "nginx"
    namespace = kubernetes_namespace.staging.metadata[0].name

    labels = {
      run = "nginx"
    }
  }

  spec {
    selector = {
      run = "nginx"
    }

    template {
      container {
        image = "bugb/angular9-sample-app"
        name  = "angular9-sample-app"

        resources {
          limits {
            cpu    = "0.5"
            memory = "512Mi"
          }

          requests {
            cpu    = "250m"
            memory = "50Mi"
          }
        }
      }
    }
  }
}

output "load-balancer-ip" {
  value = google_compute_address.default.address
}

You can see the line

image = "bugb/angular9-sample-app"

Here, if the image is from a private registry, it does not work.

I am trying to add my docker secret like this article: https://www.terraform.io/docs/providers/kubernetes/r/secret.html#example-usage-docker-config-

But it does not work. Please help!

References

https://www.terraform.io/docs/providers/kubernetes/r/secret.html#example-usage-docker-config-


All 4 comments

Hello, bugb.

Did you find a solution?

You seem to be missing a reference to the secret in your Pod template. You can add it using the image_pull_secrets attribute, documented here: https://www.terraform.io/docs/providers/kubernetes/r/pod.html#image_pull_secrets

The whole workflow is also discussed in the Kubernetes docs here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
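
The fix described in the comment above, as an added example that is not code from the issue author or the provider's documentation: the registry secret is created in the same namespace as the Pods and referenced from the Pod template through image_pull_secrets. The resource name docker_cfg and the config.json path are assumptions; the other names mirror the issue's configuration.

```hcl
resource "kubernetes_namespace" "staging" {
  metadata {
    name = "staging"
  }
}

resource "kubernetes_secret" "docker_cfg" {
  metadata {
    name = "docker-cfg"
    # Image pull secrets are resolved only in the Pod's own namespace,
    # so the secret is created in "staging" rather than in "default".
    namespace = kubernetes_namespace.staging.metadata[0].name
  }

  data = {
    # Assumed path: a Docker config.json holding an "auths" entry for the registry.
    ".dockerconfigjson" = file("${path.module}/.docker/config.json")
  }

  type = "kubernetes.io/dockerconfigjson"
}

resource "kubernetes_replication_controller" "nginx" {
  metadata {
    name      = "nginx"
    namespace = kubernetes_namespace.staging.metadata[0].name
    labels    = { run = "nginx" }
  }

  spec {
    selector = { run = "nginx" }

    template {
      # Placed beside `container`, following the layout of the issue's config.
      # Where the provider schema nests Pod fields under template { spec { ... } },
      # this block belongs inside that spec block instead.
      image_pull_secrets {
        name = kubernetes_secret.docker_cfg.metadata[0].name
      }

      container {
        image = "bugb/angular9-sample-app"
        name  = "angular9-sample-app"
      }
    }
  }
}
```

The registry credentials end up in the Terraform state, so the state backend needs the same access control as the secret itself. A config.json that only points at a credential helper (a credsStore entry with no inline auth) contains nothing the cluster can use to pull the image.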

Closing since Alex has indicated the issue in the config.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!
