Creating imagePullSecrets for a specific namespace

An imagePullSecrets is an authorization token, also known as a secret, that stores Docker credentials that are used for accessing a registry. The imagePullSecrets can be used when installing software that requires entitlement.

Two formats are available for you to create an application from the management console. You can create applications either by entering the parameter values in the Create Deployments window or by pasting a YAML file into the "Create resource" window.

If you want to use images from a different namespace in your private image registry, you must provide the imagePullSecrets value for that namespace in the YAML file.

To create the imagePullSecrets:

1. Install the kubectl command line interface and configure the connection to your IBM® Cloud Private cluster. See Accessing your cluster from the Kubernetes CLI (kubectl).

2. Switch to the namespace that you want to create the deployment in.

   kubectl config set-context <cluster_name>-context --user=<user_name> --namespace=<namespace_name>
   

   Where, <cluster_name> is the name of your cluster as defined in Cluster configuration ConfigMap.

3. Create the secret. Run the following command:

   kubectl create secret docker-registry myregistrykey --docker-server=<cluster_CA_domain>:8500 --docker-username=<user_name> --docker-password=<user_password> --docker-email=<user_email>
   

   Where, <cluster_CA_domain> is the certificate authority (CA) domain that was set in the config.yaml file during installation.

4. View the secret. Run the following command:

   kubectl get secret
   

   The output resembles the following text:

   NAME                  TYPE                                  DATA      AGE
   myregistrykey         kubernetes.io/dockercfg               1         5d
   default-token-5gjfc   kubernetes.io/service-account-token   3         5d
   

   In this example, the myregistrykey secret is available for use in the default namespace.

Using the imagePullSecret in a deployment

Add the imagePullSecrets parameter to the deployment's YAML file. Place the imagePullSecrets parameter in the spec section of the templates section, as shown in the following sample:

  apiVersion: apps/v1beta2
  kind: Deployment
  metadata:
    name: nginx-demo
  spec:
    replicas: 1
    selector:
      matchLabels:
        app: nginx
    template:
      metadata:
        labels:
          app: nginx
      spec:
        hostNetwork: false
        containers:
        - name: nginx
          image: mycluster.icp:8500/developer/nginx
          ports: []
          resources:
            limits: {}
        imagePullSecrets:
        - name: myregistrykey