How to Create imagePullSecrets for a Private Registry From CI
A docker-registry secret gives Kubernetes the credentials pods need to pull private images.
From CI, run kubectl create secret docker-registry (idempotently) and reference it in the pod spec via imagePullSecrets.
Steps
- Create the secret with
kubectl create secret docker-registry. - Use
--dry-run=client -o yaml | kubectl apply -f -to make it idempotent. - Reference it under
spec.imagePullSecretsin the workload.
Terminal
Terminal
kubectl create secret docker-registry ghcr-pull \
--docker-server=ghcr.io \
--docker-username="$GITHUB_ACTOR" \
--docker-password="$GITHUB_TOKEN" \
--dry-run=client -o yaml | kubectl apply -f -Pod reference
deployment.yaml
spec:
imagePullSecrets:
- name: ghcr-pull
containers:
- name: app
image: ghcr.io/acme/app:1.4.2Related guides
How to Promote an Image Across Environments by Digest in CIPromote a container image from staging to production by its immutable digest in GitHub Actions with crane or…
How to Log In to GitHub Container Registry From CIAuthenticate to GitHub Container Registry (ghcr.io) from a GitHub Actions workflow with docker/login-action a…