Last active
November 8, 2018 04:52
-
-
Save integrii/b702593324c4a1aef2803287f10c9c1a to your computer and use it in GitHub Desktop.
Create a Google Image Host Secret
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| You can create the file with the following script. The script creates the necessary Google Cloud Platform (GCP) service account and gives it access to the registry. | |
| # create a GCP service account; format of account is email address | |
| SA_EMAIL=$(gcloud iam service-accounts --format='value(email)' create k8s-gcr-auth-ro) | |
| # create the json key file and associate it with the service account | |
| gcloud iam service-accounts keys create k8s-gcr-auth-ro.json --iam-account=$SA_EMAIL | |
| # get the project id | |
| PROJECT=$(gcloud config list core/project --format='value(core.project)') | |
| # add the IAM policy binding for the defined project and service account | |
| gcloud projects add-iam-policy-binding $PROJECT --member serviceAccount:$SA_EMAIL --role roles/storage.objectViewer | |
| Then create the secret and specify the file that you just created: | |
| SECRETNAME=varSecretName | |
| kubectl create secret docker-registry $SECRETNAME \ | |
| --docker-server=https://gcr.io \ | |
| --docker-username=_json_key \ | |
| [email protected] \ | |
| --docker-password="$(cat k8s-gcr-auth-ro.json)" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment