How can I use Github packages Docker registry in Kubernetes dockerconfigjson?
- Create new Github Personal Access Token with
read:packages
scope at https://github.com/settings/tokens/new. Base-64 encode
<your-github-username>:<TOKEN>
, ie.:$ echo -n VojtechVitek:4eee0faaab222ab333aa444aeee0eee7ccc555b7 | base64<AUTH>
Note: Make sure not to encode a newline character at the end of the string.
Create kubernetes.io/dockerconfigjson secret
A) Create secret manually:
$ echo '{"auths":{"docker.pkg.github.com":{"auth":"<AUTH>"}}}' | kubectl create secret generic dockerconfigjson-github-com --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=/dev/stdin
B) Or, create .yml file that can be used in
kubectl apply -f
:kind: Secrettype: kubernetes.io/dockerconfigjsonapiVersion: v1metadata: name: dockerconfigjson-github-comstringData: .dockerconfigjson: {"auths":{"docker.pkg.github.com":{"auth":"<AUTH>"}}}
Note for GitOps: I strongly recommend not to store the above file in plain-text in your git repository. Hydrate the value in your CD pipeline or encrypt/seal the file with tools like https://github.com/mozilla/sops or https://github.com/bitnami-labs/sealed-secrets.
Now, you can reference the above secret from your pod's spec definition via
imagePullSecrets
field:spec: containers: - name: your-container-name image: docker.pkg.github.com/<ORG>/<REPO>/<PKG>:<TAG> imagePullSecrets: - name: dockerconfigjson-github-com
I had to migrate from docker.pkg.github.com to ghcr.io to get this to work with containerd: https://docs.github.com/en/packages/working-with-a-github-packages-registry/migrating-to-the-container-registry-from-the-docker-registry
Don't forget to create the token with read:packages
:
kubectl create secret docker-registry dockerconfigjson-github-com \ --dry-run=true \ --docker-server=https://docker.pkg.github.com \ --docker-username=<username> \ --docker-password=<https://github.com/settings/tokens/new> \ --namespace=default -o yaml
Add the pull secret:
spec: containers: - name: your-container-name image: docker.pkg.github.com/<ORG>/<REPO>/<PKG>:<TAG> imagePullSecrets: - name: dockerconfigjson-github-com