From e1703923031e29373c65c99ccddf195ea1e7aa96 Mon Sep 17 00:00:00 2001
From: Michael Venezia <mvenezia@gmail.com>
Date: Thu, 12 Oct 2017 16:09:46 -0400
Subject: [PATCH] Adding how to add an image pull secret in helm (#3022)

Document how to add an image pull secret in Helm

Provide an example of how to take an image registry, user name, and password and prepare a Secret that can be used by a pod to pull a protected container image.
---
 docs/charts_tips_and_tricks.md | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/docs/charts_tips_and_tricks.md b/docs/charts_tips_and_tricks.md
index 0ed1ab83e..885c30085 100644
--- a/docs/charts_tips_and_tricks.md
+++ b/docs/charts_tips_and_tricks.md
@@ -96,6 +96,35 @@ For example:
 The above will render the template when .Values.foo is defined, but will fail
 to render and exit when .Values.foo is undefined.
 
+## Creating Image Pull Secrets
+Image pull secrets are essentially a combination of _registry_, _username_, and _password_.  You may need them in an application you are deploying, but to create them requires running _base64_ a couple of times.  We can write a helper template to compose the Docker configuration file for use as the Secret's payload.  Here is an example:
+
+First, assume that the credentials are defined in the `values.yaml` file like so:
+```
+imageCredentials:
+  registry: quay.io
+  username: someone
+  password: sillyness
+```  
+
+We then define our helper template as follows:
+```
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.imageCredentials.registry (printf "%s:%s" .Values.imageCredentials.username .Values.imageCredentials.password | b64enc) | b64enc }}
+{{- end }}
+```
+
+Finally, we use the helper template in a larger template to create the Secret manifest:
+```
+apiVersion: v1
+kind: Secret
+metadata:
+  name: myregistrykey
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+```
+
 ## Automatically Roll Deployments When ConfigMaps or Secrets change
 
 Often times configmaps or secrets are injected as configuration
-- 
GitLab