The following isn’t unique to OCIR, as it will hold true for any K8s Deployment YAML configuration that works with an Open Container Initiative compliant registry. To define the containers part of the YAML file we need to provide an attribute that can be used to confirm the legitimacy of the request. To do this we need to supply a token. However, we don’t want this token to be visible in plain sight in our YAML. The solution to this is to set up a secret within Kubernetes.
In the following YAML extract, we can see the secret is named.
kind: Deployment metadata: name: graph-svr-deploy labels: app: arch-oke-graphql spec: replicas: 1 selector: matchLabels: app: arch-oke-graphql template: metadata: name: graph-svr-deploy labels: app: arch-oke-graphql spec: containers: - name: graphql-svr image: iad.ocir.io/ociobenablement/graphql-svr:latest ports: - containerPort: 4000 name: graph-svr-web imagePullSecrets: - name: ocirsecret
This does mean we need to create the secret. As this is a one-off task the easiest step is to create the secret by hand. To do that we use the command:
@kubectl create secret docker-registry ocirsecret --docker-server=iad.ocir.io --firstname.lastname@example.org --docker-password='xxxxxxxx' --email@example.com
This naturally leads to the next question where do we get the secret?
This step is straightforward. Navigating using the user icon top right (highlighted in the screenshot below), select the User Settings option to get to the screen shown below. Then use the right-hand menu option highlight (Auth Tokens). This displays a section of the UI showing your current auth tokens and provides a button that will popup a window to guide you through creating a new auth token.