openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/using-pull-secret.adoc
Steven Smith d72b8b0db0 Makes changes to image books as a result of ADV errors
2026-01-07 13:40:52 +00:00

76 lines
2.0 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
// * openshift_images/using-image-pull-secrets
// * openshift_images/managing-image-streams.adoc
:_mod-docs-content-type: PROCEDURE
[id="using-pull-secret_{context}"]
= Using a pull secret in a workload
[role="_abstract"]
To allow workloads to pull images from private registries in {product-title}, you can link the pull secret to a service account by entering the `oc secrets link` command or by defining it directly in your workload configuration YAML file.
.Procedure
. Link the pull secret to a service account by entering the following command. Note that the name of the service account should match the name of the service account that pod uses. The default service account is `default`.
+
[source,terminal]
----
$ oc secrets link default <pull_secret_name> --for=pull
----
. Verify the change by entering the following command:
+
[source,terminal]
----
$ oc get serviceaccount default -o yaml
----
+
.Example output
[source,yaml]
----
apiVersion: v1
imagePullSecrets:
- name: default-dockercfg-123456
- name: <pull_secret_name>
kind: ServiceAccount
metadata:
annotations:
openshift.io/internal-registry-pull-secret-ref: <internal_registry_pull_secret>
creationTimestamp: "2025-03-03T20:07:52Z"
name: default
namespace: default
resourceVersion: "13914"
uid: 9f62dd88-110d-4879-9e27-1ffe269poe3
secrets:
- name: <pull_secret_name>
----
. Optional: Instead of linking the secret to a service account, you can alternatively reference it directly in your pod or workload definition. This is useful for GitOps workflows such as ArgoCD. For example:
+
.Example pod specification
[source,yaml]
----
apiVersion: v1
kind: Pod
metadata:
name: <secure_pod_name>
spec:
containers:
- name: <container_name>
image: quay.io/my-private-image
imagePullSecrets:
- name: <pull_secret_name>
----
+
.Example ArgoCD workflow
[source,yaml]
----
apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
generateName: <example_workflow>
spec:
entrypoint: <main_task>
imagePullSecrets:
- name: <pull_secret_name>
----
View Git Blame Copy Permalink