 

How to write a chart for imagePullSecret from gcr

I'm trying to write Helm charts for our product. The images are stored in a private GCR repo. The charts for all components are ready, but I'm trying to write a YAML file in a chart for imagePullSecrets. I've read chart tips from here,

I also know how to create imagePullSecret with:

    kubectl create secret docker-registry mydockercfg \
            --docker-server "https://eu.gcr.io" \
            --docker-username _json_key \
            --docker-email [email protected] \
            --docker-password="$(cat your_service_account.json)"

But I don't know how to put the content of "your_service_account.json" into the password field of that chart's values.yaml. It would be better if I could just change the name "your_service_account.json" to update the password in values.yaml.

Currently, my implementation is as follows:

    $ cat values.yaml
    secretName: gcr-json-key-test
    imageCredentials:
      registry: us.gcr.io/xxxxx
      username: _json_key
      password:

Contents of secrets.yaml:

    $ cat templates/secrets.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: {{ .Values.secretName }}
      labels:
        app: {{ template "fullname" . }}
        chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
        release: "{{ .Release.Name }}"
        heritage: "{{ .Release.Service }}"
    # The .dockerconfigjson key requires this type; kubernetes.io/dockercfg expects a .dockercfg key.
    type: kubernetes.io/dockerconfigjson
    data:
      .dockerconfigjson: {{ template "imagePullSecret" . }}

Contents of _helpers.tpl:

    $ cat templates/_helpers.tpl
    {{/*
    Expand the name of the chart.
    */}}
    {{- define "name" -}}
    {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
    {{/*
    Create a default fully qualified app name.
    We truncate at 63 chars because some Kubernetes name fields are limited
    to this (by the DNS naming spec).
    */}}
    {{- define "fullname" -}}
    {{- $name := default .Chart.Name .Values.nameOverride -}}
    {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
    {{- end -}}
    {{- define "imagePullSecret" }}
    {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
    {{- end }}

And then running

    $ helm install ./secrets --set imageCredentials.password "$(cat ./my_service_account.json)"

results in an error:

    Error: This command needs 1 argument: chart name

How can I solve this problem?

Aaron LUO asked Mar 08 '23 17:03


1 Answer

It can be created and deployed using the following steps:

Steps:

  1. Create a base64-encoded string from your docker_username and docker_password:

    $ echo -n "docker_username:docker_password" | base64
    ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk
    
  2. Place the encoded string obtained in Step 1 as the value of the auth key in the following JSON and fill in the required details:

    {
      "https://eu.gcr.io": {
        "username": "docker_user",
        "password": "docker_password",
        "email": "[email protected]",
        "auth": "ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk"
      }
    }
    
  3. Reduce this JSON to a single-line string enclosed in single quotes:

    '{"https://eu.gcr.io":{"username":"docker_user","password":"docker_password","email":"[email protected]","auth":"ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk"}}'
    
  4. Create a base64-encoded string from the above JSON string as follows:

    $ echo -n '{"https://eu.gcr.io":{"username":"docker_user","password":"docker_password","email":"[email protected]","auth":"ZG9rY2VyX3VzZXI6ZG9ja2VyX3Bhc3N3b3Jk"}}' | base64 
    eyJodHRwczovL2V1Lmdjci5pbyI6eyJ1c2VybmFtZSI6ImRva2Nlcl91c2VyIiwicGFzc3dvcmQiOiJkb2NrZXJfcGFzc3dvcmQiLCJlbWFpbCI6ImRvY2tlckBnYW1pbC5jb20iLCJhdXRoIjoiWkc5clkyVnlYM1Z6WlhJNlpHOWphMlZ5WDNCaGMzTjNiM0prIn19
    
  5. Create secret.yml in the following format:

    $ cat templates/secrets.yaml
    apiVersion: v1
    kind: Secret
    metadata:
       name: {{ .Values.secretName }}
       labels:
         app: {{ template "fullname" . }}
         chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
         release: "{{ .Release.Name }}"
         heritage: "{{ .Release.Service }}"
    type: kubernetes.io/dockercfg
    data:
      .dockercfg: {{ .Values.dockercfg }}
    
  6. Place the encoded string obtained in Step 4 in values.yaml:

    $ cat values.yaml
    secretName: gcr-json-key-test
    dockercfg:
    
  7. Install the chart using the following command:

    $ helm install ./secrets -n release_name --set dockercfg="eyJodHRwczovL2V1Lmdjci5pbyI6eyJ1c2VybmFtZSI6ImRva2Nlcl91c2VyIiwicGFzc3dvcmQiOiJkb2NrZXJfcGFzc3dvcmQiLCJlbWFpbCI6ImRvY2tlckBnYW1pbC5jb20iLCJhdXRoIjoiWkc5clkyVnlYM1Z6WlhJNlpHOWphMlZ5WDNCaGMzTjNiM0prIn19" --debug

    or store it in a file ( .dockercfg ) and use the following command:

    $ helm install ./secrets -n release_name --set dockercfg="$(cat ./.dockercfg )"
    

Hope this will be useful...!! :)

codenio answered Mar 17 '23 05:03
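
An added example, not part of the original question or answer: a shell helper that builds the value for a `kubernetes.io/dockerconfigjson` Secret directly from the service-account key file and writes it to a values file readable only by its owner, so the key is passed to Helm with `-f` instead of on the command line. The function names, the `dockerconfigjson` values key and the output file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build an image pull secret payload from a GCR
# service-account key without putting the key on the command line.

# b64: base64 without line wrapping (works with GNU and BSD base64).
b64() { base64 | tr -d '\n'; }

# make_dockerconfigjson REGISTRY KEYFILE
# Prints base64({"auths":{REGISTRY:{"auth":base64("_json_key:" + key)}}}).
make_dockerconfigjson() {
  local registry="$1" keyfile="$2" key auth
  [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 1; }
  # $(cat ...) drops the trailing newline, as the kubectl command above does.
  key=$(cat "$keyfile")
  # Only the base64 "auth" field is emitted, so the quotes, commas and
  # newlines inside the key never need JSON escaping.
  auth=$(printf '_json_key:%s' "$key" | b64)
  printf '{"auths":{"%s":{"auth":"%s"}}}' "$registry" "$auth" | b64
}

# write_values REGISTRY KEYFILE OUTFILE
# Writes "dockerconfigjson: <payload>" to OUTFILE with mode 0600.
write_values() {
  local payload
  payload=$(make_dockerconfigjson "$1" "$2") || return 1
  rm -f "$3"
  ( umask 077; printf 'dockerconfigjson: %s\n' "$payload" > "$3" )
}

# Example call (hypothetical file names):
#   write_values eu.gcr.io ./my_service_account.json ./values-secret.yaml
#   helm install ./secrets -f ./values-secret.yaml
```

With this values key, the Secret template's data entry would be `.dockerconfigjson: {{ .Values.dockerconfigjson }}` and its type `kubernetes.io/dockerconfigjson`. Keep the generated values file out of version control, since base64 is an encoding and not encryption.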