https://garden.io logo
#🌱|help-and-getting-started
imagepullSecrets not working?
# 🌱|help-and-getting-started
q

quick-answer-45507

02/21/2023, 4:37 PM
So i have this current config....
Copy code
providers:
  - name: local-kubernetes
    context: minikube
    environments: [dev]
    defaultHostname: "whenidev.net"
    setupIngressController: false
    deploymentRegistry:
      hostname: nexus-docker-out.build-tools.DOMAIN-production.com
      namespace: default
    imagePullSecrets:
        - name: gitlab
    copySecrets:
        - name: gitlab
but when i try to apply a kube manifest that refrences an image from that repo with
Copy code
imagePullSecrets:
        - name: gitlab
defined i still get failed to pull image no basic auth credentials... any ideas?
b

bright-policeman-43626

02/22/2023, 7:37 AM
Hello there! First action I would take: 1. check if the secret actually exists in the namespace you are trying to pull from and make sure the content is valid. 2. Could you describe the pod and share the details at the end, perhaps we can find a little bit more of details over there? Thanks for reporting this hopefully we can find a nice solution for it❤️
q

quick-answer-45507

02/22/2023, 1:46 PM
this is the pod in question,
Copy code
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dynamodb
spec:
  selector:
    matchLabels:
      app: dynamodb
  template:
    metadata:
      labels:
        app: dynamodb
    spec:
      volumes:
      - name: dbstorage
        persistentVolumeClaim:
          claimName: dynamodb-pv-claim
      containers:
        - name: dynamodb
          image: nexus-docker-out.build-tools.wheniwork-production.com/amazon/dynamodb-local:1.12.0
          args: ["-jar", "DynamoDBLocal.jar", "-sharedDb", "-dbPath", "./data"]
          ports:
            - containerPort: 8000
          volumeMounts:
            - name: dbstorage
              mountPath: /home/dynamodblocal/data
        - name: dynamodb-ui
          image: nexus-docker-out.build-tools.wheniwork-production.com/aaronshaf/dynamodb-admin:latest
          ports:
            - containerPort: 8001
          env:
            - name: DYNAMO_ENDPOINT
              value: "http://localhost:8000"
      imagePullSecrets:
        - name: gitlab
and i manually verified the secret was there in both the default namespace and the garden-default one
i think the issue is garden isnt adding the imagepullsecret to the default service account....
b

bright-policeman-43626

02/22/2023, 2:58 PM
Would you mind doing a « kubectl get secrets » in the namespace you deployed dynamodb?
Also can you share the garden module configuration you are using for it? ✨
q

quick-answer-45507

02/22/2023, 5:30 PM
Copy code
kind: Module
type: kubernetes
name: dynamodb
files:
    - ./container.yaml
Copy code
kubectl get secrets -n garden-default
NAME                                    TYPE                             DATA   AGE
gitlab                   kubernetes.io/dockerconfigjson   1      25m
q

quaint-dress-831

02/24/2023, 10:43 AM
Are you able to pull from GitLab's container registry locally? So
docker login registry.example.com
then attempt to pull and push
That way we remove any additional variables that could be in the way
Also: thank you for being patient with us 🙂
q

quick-answer-45507

02/24/2023, 11:13 PM
no worries at all, and yes docker login works fine and docker pull works.
f

freezing-pharmacist-34446

02/27/2023, 11:21 AM
So garden automatically copies the specified
imagePullSecret
to all the namespaces used with garden. It injects the
imagePullSecret
for container modules, however you are using a Kubernetes module which means you need to specify the secret in your Kubernetes manifest used in that module. You can rely on it being present in the same namespace but you'll still need to reference it. Does that help?
b

bright-policeman-43626

03/03/2023, 5:00 PM
hey @quick-answer-45507 just wanted to check-in and see if everything ended up working on your side? I would be happy to help you debug this issue further
b

big-spring-14945

03/06/2023, 11:58 AM
@quick-answer-45507 Sorry for not spotting this earlier, we can confirm that this is a bug when using the kubernetes-module type and we'll resolve this with high priority. https://github.com/garden-io/garden/issues/3894
q

quick-answer-45507

03/06/2023, 12:52 PM
So I’m not crazy! Awesome
f

freezing-pharmacist-34446

03/06/2023, 1:08 PM
This bug above is about the secrets not being copied to the namespace where the garden environment is deployed to, however if i understood you correctly your secret gets copied but is not picked up by the service you want to deploy @quick-answer-45507 ? Just making sure we are not missing another bug here 🙂
q

quick-answer-45507

03/06/2023, 1:17 PM
Correct
46 Views