Pulling private packages or pushing packages to an Upbound Marketplace private repository requires authentication to Upbound.

Installing private Kubernetes resources requires an image pull secret.

Prerequisites

Install the Up command-line to generate Kubernetes secrets and to use Upbound Marketplace private resources.

Log in with the Up command-line

Use up login to authenticate a user to the Upbound Marketplace.

up login
username: my-user
password:
my-user logged in

Kubernetes image pull secrets

Packages in private repositories require a Kubernetes image pull secret. The image pull secret authenticates Kubernetes to the Upbound Marketplace, allowing Kubernetes to download and install packages.

Generating an image pull secret requires either a user account token.

Use the command up controlplane pull-secret create to generate a token and Kubernetes Secret in the upbound-system namespace.

up ctp pull-secret create
WARNING: Using temporary user credentials that will expire within 30 days.
upbound-system/package-pull-secret created

Verify the secret with kubectl describe secret -n upbound-system package-pull-secret

kubectl describe secret -n upbound-system package-pull-secret
Name:         package-pull-secret
Namespace:    upbound-system
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson:  1201 bytes

Use an image pull secret

Use an image pull secret by providing a spec.packagePullSecrets in a Configuration or Provider manifest.

This example installs a private Configuration named secret-configuration from the Upbound image repository using image pull secret named package-pull-secret .

apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: platform-ref-aws
spec:
  package: xpkg.upbound.io/secret-org/secret-configuration:v1.2.3
  packagePullSecrets:
    - name: package-pull-secret