document atcr.io image pull auth for k8s · zzstoatzz.io/prefect-server@feaca37

zzstoatzz.io / prefect-server

fork atom

prefect server in zig

fork atom

document atcr.io image pull auth for k8s

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

zzstoatzz.io 1 month ago feaca376 f511403a

ci.yml

success 35s

+24

1 changed file

expand all

unified split

k8s

README.md

+24

k8s/README.md

··· 80 80 prefect-server services # background services only 81 81 ``` 82 82 83 + ## image registry auth (atcr.io) 84 + 85 + atcr.io uses a credential helper for docker CLI auth. k8s needs explicit credentials: 86 + 87 + ```bash 88 + # extract creds from docker credential helper 89 + echo "atcr.io" | docker-credential-atcr get 90 + # returns: {"ServerURL":"atcr.io","Username":"<handle>","Secret":"<token>"} 91 + 92 + # create k8s secret with those values 93 + kubectl -n prefect create secret docker-registry atcr-creds \ 94 + --docker-server=atcr.io \ 95 + --docker-username=<handle> \ 96 + --docker-password=<token> 97 + 98 + # patch deployments to use the secret 99 + kubectl -n prefect patch deployment prefect-api \ 100 + -p '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"atcr-creds"}]}}}}' 101 + kubectl -n prefect patch deployment prefect-services \ 102 + -p '{"spec":{"template":{"spec":{"imagePullSecrets":[{"name":"atcr-creds"}]}}}}' 103 + ``` 104 + 105 + alternatively, add `imagePullSecrets` directly to the deployment manifests. 106 + 83 107 ## production considerations 84 108 85 109 1. **postgres**: use a managed database (RDS, Cloud SQL, etc.)