How can I pull docker.pkg.github.com Docker images from within Kubernetes cluster?
Currently, the Github Docker registry requires authentication even for packages from public Github repositories.
read:packages scope at https://github.com/settings/tokens/new.Base-64 encode <your-github-username>:<TOKEN>, ie.:
$ echo -n VojtechVitek:4eee0faaab222ab333aa444aeee0eee7ccc555b7 | base64
<AUTH>Note: Make sure not to encode a newline character at the end of the string.
Create kubernetes.io/dockerconfigjson secret
A) Create secret manually:
$ echo '{"auths":{"docker.pkg.github.com":{"auth":"<AUTH>"}}}' | kubectl create secret generic dockerconfigjson-github-com --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=/dev/stdinB) Or, create .yml file that can be used in kubectl apply -f:
kind: Secret
type: kubernetes.io/dockerconfigjson
apiVersion: v1
metadata:
name: dockerconfigjson-github-com
stringData:
.dockerconfigjson: {"auths":{"docker.pkg.github.com":{"auth":"<AUTH>"}}}Note for GitOps: I strongly recommend not to store the above file in plain-text in your git repository. Hydrate the value in your CD pipeline or encrypt/seal the file with tools like https://github.com/mozilla/sops or https://github.com/bitnami-labs/sealed-secrets.
Now, you can reference the above secret from your pod's spec definition via imagePullSecrets field:
spec:
containers:
- name: your-container-name
image: docker.pkg.github.com/<ORG>/<REPO>/<PKG>:<TAG>
imagePullSecrets:
- name: dockerconfigjson-github-com