kubernetesdocker-registryazure-bicep

Radius/Bicep - How to pull from private Docker registry with auth in generic Kubernetes?


I have a Kubernetes deployment yaml, which successfully pulls an image from a private Docker registry with authentication.
I'd like to do the same using Radius, but it's not clear how to do this using generic Kubernetes (not Azure).
Kubernetes is configuged with the secret 'docker-registry-secret' in both the default namespace and the namespace Radius is using 'default-my-api'.

The yaml uses imagePullSecrets; what is the Radius equivalent?

The K8s deployment yaml:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-api
spec:
  selector:
    matchLabels:
      app: my-api
  template:
    metadata:
      labels:
        app: my-api
    spec:
      containers:
        - name: my-api
          image: reg.my-registry.com:5000/my-api-app:latest
      imagePullSecrets:
          - name: docker-registry-secret

The Radius bicep:

import radius as radius

@description('The Radius Application ID. Injected automatically by the rad CLI.')
param application string

resource snapapi 'Applications.Core/containers@2023-10-01-preview' = {
  name: 'my-api'
  properties: {
    application: application
    container: {
      image: 'reg.my-registry.com:5000/my-api-app:latest'
    }
  }
}

I see the error "Failed to pull image ... no basic auth credentials"

I can find examples using Azure Container Registry, but not a lot for a private Docker image registry, deploying to a local, generic Kubernetes cluster.

imagePullSecrets doesn't seem to be a supported mechanism in bicep. How is it configured?


Solution

  • In the bicep file, use the following:

    properties: {
      runtimes: {
        kubernetes: {
          base: loadTextContent('deployment.yaml')
        }
      }
    }
    

    This will use a base Kubernetes resource manifest on top of which Radius specified properties will be applied. The base resource will contain the imagePullSecrets. For further info, see the docs: Radius docs - Container service - properties/runtimes/kubernetes