Creating Image Pull Secrets

Image pull secrets are essentially a combination of registry, username, and password. You may need them in an application you are deploying, but to create them requires running base64 a couple of times. We can write a helper template to compose the Docker configuration file for use as the Secret’s payload. Here is an example:

First, assume that the credentials are defined in the values.yaml file like so:

  1. imageCredentials:
  2.   registry: quay.io
  3.   username: someone
  4.   password: sillyness

We then define our helper template as follows:

  1. {{- define "imagePullSecret" }}
  2. {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
  3. {{- end }}

Finally, we use the helper template in a larger template to create the Secret manifest:

  1. apiVersion: v1
  2. kind: Secret
  3. metadata:
  4.   name: myregistrykey
  5. type: kubernetes.io/dockerconfigjson
  6. data:
  7.   .dockerconfigjson: {{ template "imagePullSecret" . }}