Coder workspaces are commonly run as Kubernetes pods. When run inside of an enterprise, the pod image is typically pulled from a private image registry. This guide walks through creating an ImagePullSecret to use for authenticating to your registry, and defining it in your workspace template.
Create a Docker configuration JSON file containing your registry credentials.
Replace <your-registry>, <your-username>, and <your-password> with your
actual Docker registry URL, username, and password.
{
"auths": {
"<your-registry>": {
"username": "<your-username>",
"password": "<your-password>"
}
}
}Run the below kubectl command in the K8s cluster where you intend to run your
Coder workspaces:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path-to-docker-config.json> \
--type=kubernetes.io/dockerconfigjson \
--namespace=<workspaces-namespace>Inspect the secret to confirm its contents:
kubectl get secret -n <workspaces-namespace> regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decodeThe output should look similar to this:
{
"auths": {
"your.private.registry.com": {
"username": "ericpaulsen",
"password": "xxxx",
"auth": "c3R...zE2"
}
}
}With the ImagePullSecret now created, we can add the secret into the workspace
template. In the example below, we define the secret via the
image_pull_secrets argument. Note that this argument is nested at the same
level as the container argument:
resource "kubernetes_pod" "dev" {
metadata {
# this must be the same namespace where workspaces will be deployed
namespace = "workspaces-namespace"
}
spec {
image_pull_secrets {
name = "regcred"
}
container {
name = "dev"
image = "your-image:latest"
}
}
}Update your template by running the following commands:
coder login <access-url>
coder templates push <template-name>