_Creating an Image Pull Secret - blackducksoftware/hub GitHub Wiki

This page has been deprecated. Please see the official Kubernetes Black Duck Installation Guide here.

Creating an Image Pull Secret

In order to pull Black Duck installation images from a secured, private registry, you must create an "image pull secret," which contains the credentials needed to pull the images from the registry. (See Pushing Black Duck Images to a Secure Registry for instructions on putting the Black Duck images in the registry.)

Docker Login

The first step in creating the image pull secret is doing a Docker Login to the secure registry.

  • Docker login to the Container Registry

    docker login -u <customer_id> <secure_registry>

    Note: If your secure registry is the Red Hat Container Catalog, then the customer_id is your Red Hat Customer Portal User ID, and the secure_registry is "registry.connect.redhat.com".

  • The above command will prompt for the password. Provide the password and hit enter and make sure that a "Login Succeeded" message displays in the console.

Once the Docker login is successful, the Docker registry information will be added to your Docker configuration file. You can verify this by opening the ".docker/config.json" file, which should exist your user directory. It should look like this:

{
      "auths": {
              "<your secure registry>": {
                      "auth": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
              }
      }
}

Create the image pull secret

You can now use the Docker config file to create an image pull secret.

First, you must create the namespace that you want to install Black Duck in. Run a command of the form:

kubectl create ns <BLACK_DUCK_NAMESPACE_NAME>

Note: You'll need to specify this namespace later when you install Black Duck using Synopsys Operator.

Next, create the image pull secret:

kubectl create secret generic custom-registry-pull-secret --from-file=.dockerconfigjson="<<DOCKER_CONFIG_PATH>>" --type=kubernetes.io/dockerconfigjson -n <<BLACK_DUCK_NAMESPACE>>

Link the image pull secret to service accounts

Run the following command to link the image pull secret to the default service account:

kubectl patch serviceaccount default -p "{\"imagePullSecrets\":[{\"name\":\"custom-registry-pull-secret\"}]}" -n <<BLACK_DUCK_NAMESPACE>>

Next, if you plan to use Black Duck Binary Analysis (BDBA), then you must create an additional service account and link it to the image pull secret. This is necessary because BDBA requires elevated privileges.

kubectl create sa <<BLACK_DUCK_NAMESPACE>> -n <<BLACK_DUCK_NAMESPACE>>

This creates a service account with the same name as the Black Duck namespace.

Now, link the image pull secret to the elevated service account you just created:

kubectl patch serviceaccount <<BLACK_DUCK_NAMESPACE>> -p "{\"imagePullSecrets\":[{\"name\":\"custom-registry-pull-secret\"}]}" -n <<NAMESPACE>>
⚠️ **GitHub.com Fallback** ⚠️