Pulling private packages or pushing packages to an Upbound Marketplace private repository requires authentication to Upbound.
Installing private Kubernetes resources requires an image pull secret.
Prerequisites
Install the Up command-line to generate Kubernetes secrets and to use Upbound Marketplace private resources.
v0.13.0
or later.Log in with the Up command-line
Use up login
to authenticate a user to the Upbound Marketplace.
up login
username: my-user
password:
my-user logged in
Configure Docker to use the up credential helper
If you use Docker or any other OCI client, you can configure it to use Upbound credentials to interact with the Marketplace. If you plan to push packages to the Upbound Marketplace, you can use the credentials acquired via up login
.
Install the docker-credential-up credential helper:
curl -sL "https://cli.upbound.io" | BIN=docker-credential-up sh
In the case of Docker, add up
to your Docker config.json
. This allows your client to use Upbound credentials to interact with the Marketplace:
{
"credHelpers": {
"xpkg.upbound.io": "up"
}
}
Kubernetes image pull secrets
Packages in private repositories require a Kubernetes image pull secret. The image pull secret authenticates Kubernetes to the Upbound Marketplace, allowing Kubernetes to download and install packages.
Generating an image pull secret requires either a user account token.
up login
profile.
Logging out with up logout
deactivates the token.Use the command up controlplane pull-secret create
to generate a token and Kubernetes Secret in the upbound-system namespace.
up ctp pull-secret create
WARNING: Using temporary user credentials that will expire within 30 days.
upbound-system/package-pull-secret created
Verify the secret with kubectl describe secret -n upbound-system package-pull-secret
kubectl describe secret -n upbound-system package-pull-secret
Name: package-pull-secret
Namespace: upbound-system
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockerconfigjson
Data
====
.dockerconfigjson: 1201 bytes
Use an image pull secret
Use an image pull secret by providing a
in a
or Provider
manifest.
This example installs a private
named
from the Upbound image repository using image pull secret named
.
apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
name: platform-ref-aws
spec:
package: xpkg.upbound.io/secret-org/secret-configuration:v1.2.3
packagePullSecrets:
- name: package-pull-secret