Tags
Containers, deploy, K8s, Kuberrnetes, OCIR, registry, secret, token
The following isn’t unique to OCIR, as it will hold true for any K8s Deployment YAML configuration that works with an Open Container Initiative compliant registry. To define the containers part of the YAML file we need to provide an attribute that can be used to confirm the legitimacy of the request. To do this we need to supply a token. However, we don’t want this token to be visible in plain sight in our YAML. The solution to this is to set up a secret within Kubernetes.
In the following YAML extract, we can see the secret is named.
kind: Deployment
metadata:
name: graph-svr-deploy
labels:
app: arch-oke-graphql
spec:
replicas: 1
selector:
matchLabels:
app: arch-oke-graphql
template:
metadata:
name: graph-svr-deploy
labels:
app: arch-oke-graphql
spec:
containers:
- name: graphql-svr
image: iad.ocir.io/ociobenablement/graphql-svr:latest
ports:
- containerPort: 4000
name: graph-svr-web
imagePullSecrets:
- name: ocirsecret
This does mean we need to create the secret. As this is a one-off task the easiest step is to create the secret by hand. To do that we use the command:
@kubectl create secret docker-registry ocirsecret --docker-server=iad.ocir.io --docker-username=ociobenablement/identitycloudservice/philip.wilkins@oracle.com --docker-password='xxxxxxxx' --docker-email=philip.wilkins@oracle.comThis naturally leads to the next question where do we get the secret?
This step is straightforward. Navigating using the user icon top right (highlighted in the screenshot below), select the User Settings option to get to the screen shown below. Then use the right-hand menu option highlight (Auth Tokens). This displays a section of the UI showing your current auth tokens and provides a button that will popup a window to guide you through creating a new auth token.
Phil (aka MP3Monster)'s Blog 
You must be logged in to post a comment.