Use image from private repo in Jupyterhub

Question

I'm trying to insert my own jupyter image into jupyterhub. With helm I have set up jupyterhub to run locally with minikube with the default image:

RELEASE=jhub
NAMESPACE=jhub

helm upgrade --cleanup-on-fail \
  --install $RELEASE jupyterhub/jupyterhub \
  --namespace $NAMESPACE \
  --create-namespace \
  --version=0.9.0 \
  --values config.yaml

This works.

Then I try to change the image by modifying the config.yaml:

singleuser:
    image:
        name: myrepo.azurecr.io/myrepo/myimage
        tag: 1.0
    imagePullSecret:
        enabled: true
        name: mysecret

This should point out my image on my private repository. mysecret is a secret created with kubectl create secret docker-registry mysecret ... However, when running above helm upgrade command I get an error that seem to be caused by the jupyterhub helm chart not being able to handle the named imagePullSecret properly:

Error: UPGRADE FAILED: failed to create resource: Secret "singleuser-image-credentials" is invalid: data[.dockerconfigjson]: Invalid value: "<secret contents redacted>": invalid character ',' looking for beginning of value

If I add --dry-run --debug to my helm upgrade command I get a hint of the problem:

kind: Secret
apiVersion: v1
metadata:
  name: singleuser-image-credentials
  labels:
    component: singleuser-image-credentials
    app: jupyterhub
    release: jhub
    chart: jupyterhub-0.9.0
    heritage: Helm
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: ewogICJhdXRocyI6IHsKICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICJ1c2VybmFtZSI6ICwKICAgICAgInBhc3N3b3JkIjogLAogICAgICAiYXV0aCI6ICJQRzVwYkQ0NlBHNXBiRDQ9IgogICAgfQogIH0KfQ==

The dockerconfigjson secret above doesn't actually contain the secret:

$ echo ewogICJhdXRocyI6IHsKICAgICJodHRwczovL2luZGV4LmRvY2tlci5pby92MS8iOiB7CiAgICAgICJ1c2VybmFtZSI6ICwKICAgICAgInBhc3N3b3JkIjogLAogICAgICAiYXV0aCI6ICJQRzVwYkQ0NlBHNXBiRDQ9IgogICAgfQogIH0KfQ== | base64 --decode
{
  "auths": {
    "https://index.docker.io/v1/": {
      "username": ,
      "password": ,
      "auth": "PG5pbD46PG5pbD4="
    }
  }
}
$ echo PG5pbD46PG5pbD4= | base64 --decode
<nil>:<nil>

Question

This kind of looks like a bug. But there should be some way to insert the credentials into jupyterhub 0.9.0 using a secret?

Workaround:

I can insert the username and password directly with helm upgrade --set singleuser.imagePullSecret.password=<my password here> .... Then it works.

Answer 1

Instead of adding your private helm repository to config.yaml you should modify values.yaml file as mentioned in this github issue:

  image:
    name: <image>
    tag: '<tag>'
    pullPolicy: Always
    pullSecrets:
      - secretName: "<secret-name>"