Skip to content

Use a registry token instead of the API key #10

Description

@l2fprod

kubectl --namespace ${CLUSTER_NAMESPACE} create secret docker-registry ${IMAGE_PULL_SECRET_NAME} --docker-server=${REGISTRY_URL} --docker-password=${PIPELINE_BLUEMIX_API_KEY} --docker-username=iamapikey --docker-email=a@b.com

It would be better to use a read-only registry token obtained with bx cr token-add --description "a token for ..." --non-expiring --quiet here. This avoids having the IBM Cloud API key inside a secret in the container. Plus it gives only read access to the registry.

The token can be used like this

  kubectl --namespace <anamespace> create secret docker-registry <secret-name> \
    --docker-server=registry.ng.bluemix.net \
    --docker-password="<the token value>" \
    --docker-username=token \
    --docker-email="anemail@domain.com"

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions