Authentication
Pulling private packages or pushing packages to an Upbound Marketplace private repository requires authentication to Upbound.
Installing private Kubernetes resources requires an image pull secret.
Authenticating to the Upbound Marketplace for private packages requires an Upbound account.
Prerequisites
Install the Up command-line to generate Kubernetes secrets and to use Upbound Marketplace private resources.
Upbound Marketplace requires Up command-line version v0.13.0 or later.
Log in with the Up command-line
Use up login to authenticate a user to the Upbound Marketplace.
up login
username: my-user
password:
my-user logged in
Configure Docker to use the up credential helper
If you use Docker or any other OCI client, you can configure it to use Upbound credentials to interact with the Marketplace. If you plan to push packages to the Upbound Marketplace, you can use the credentials acquired via up login.
Install the docker-credential-up credential helper:
curl -sL "https://cli.upbound.io" | BIN=docker-credential-up sh
Read the up CLI configuration documentation for more installation options.
In the case of Docker, add up to your Docker config.json. This allows your client to use Upbound credentials to interact with the Marketplace:
{
  "credHelpers": {
    "xpkg.upbound.io": "up"
  }
}
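The following added example (not part of the Upbound documentation) merges the credHelpers entry into an existing Docker config.json without overwriting other settings, and reports any inline credential for xpkg.upbound.io left under "auths", which stays on disk as reversible base64 even after the helper is configured. The function name ensure_up_helper and the sample config are assumptions made for illustration.

```python
import base64
import json

REGISTRY = "xpkg.upbound.io"   # registry host from the page
HELPER = "up"                  # Docker resolves this to docker-credential-up


def ensure_up_helper(config_text):
    """Return (updated_config, findings) for a Docker config.json string.

    Adds the credHelpers mapping without touching other settings and
    reports inline credentials stored for the registry under "auths".
    """
    config = json.loads(config_text) if config_text.strip() else {}
    findings = []

    helpers = config.setdefault("credHelpers", {})
    current = helpers.get(REGISTRY)
    if current not in (None, HELPER):
        findings.append(f"credHelpers[{REGISTRY}] was '{current}', replaced with '{HELPER}'")
    helpers[REGISTRY] = HELPER

    # A base64 "auth" value is a user:password pair kept in the file itself.
    # Report the user name only, never the secret part.
    entry = config.get("auths", {}).get(REGISTRY, {})
    if entry.get("auth"):
        user = base64.b64decode(entry["auth"]).decode().split(":", 1)[0]
        findings.append(f"inline credential for user '{user}' stored under auths[{REGISTRY}]")

    return config, findings


# Constructed sample: an existing config with an inline credential and an
# unrelated helper that must survive the edit.
SAMPLE = json.dumps({
    "auths": {REGISTRY: {"auth": base64.b64encode(b"my-user:not-a-real-token").decode()}},
    "credHelpers": {"registry.example.com": "osxkeychain"},
})

if __name__ == "__main__":
    updated, notes = ensure_up_helper(SAMPLE)
    print(json.dumps(updated, indent=2))
    for note in notes:
        print("finding:", note)
```
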
Kubernetes image pull secrets
Packages in private repositories require a Kubernetes image pull secret. The image pull secret authenticates Kubernetes to the Upbound Marketplace, allowing Kubernetes to download and install packages.
Generating an image pull secret requires a user account token.
A user account token uses your current up login profile.
Logging out with up logout deactivates the token.
Use the command up controlplane pull-secret create to generate a token and Kubernetes Secret in the upbound-system namespace.
up ctp pull-secret create
WARNING: Using temporary user credentials that will expire within 30 days.
upbound-system/package-pull-secret created
Verify the secret with kubectl describe secret -n upbound-system package-pull-secret:
kubectl describe secret -n upbound-system package-pull-secret
Name: package-pull-secret
Namespace: upbound-system
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockerconfigjson
Data
====
.dockerconfigjson: 1201 bytes
Use an image pull secret
Use an image pull secret by providing a spec.packagePullSecrets in a Configuration or Provider manifest.
This example installs a private Configuration named secret-configuration from the Upbound image repository using an image pull secret named package-pull-secret.
apiVersion: pkg.crossplane.io/v1
kind: Configuration
metadata:
  name: platform-ref-aws
spec:
  package: xpkg.upbound.io/secret-org/secret-configuration:v1.2.3
  packagePullSecrets:
    - name: package-pull-secret