Custom docker registry on Helm installed GCP


I installed Gitpod on GCP via the Helm installer (as the GCP installer is currently broken).

I then wanted to use a custom docker registry hosted by Google in my GCP project. I followed the steps at .
I created the registry-auth.json secret and adapted the config (adaptions not shown here, just for reference from the docs)

registryCerts: []
# name must not end with a “/”
secretName: image-builder-registry-secret
path: secrets/registry-auth.json

secretName: image-builder-registry-secret

enabled: false

However, the secret image-builder-registry-secret is not found by my image builder. It is also not present when checking with kubectl get secrets. There was no mention of whether I need to create it myself in the docs.
Do I need to do that and if yes what exactly should it contain?

The blobserve and image builder pods do not start anymore. the logs say the following:
{"@type":"","error":"read /mnt/pull-secret.json: is a directory","level":"fatal","message":"cannot read docker config","serviceContext":{"service":"blobserve","version":""},"severity":"CRITICAL","time":"2021-02-19T11:15:14Z"}

And the logs of the image builder service say this:
{"level":"fatal","message":"read /config/pull-secret.json: is a directory","serviceContext":{"service":"image-builder","version":""},"severity":"CRITICAL","time":"2021-02-19T11:15:16Z"}

Thanks in advance for any help :slight_smile:

Have you created the file secrets/registry-auth.json on your computer that runs the helm command? How does you secret image-builder-registry-secret look like?

kubectl get secret image-builder-registry-secret -o yaml

Note: Remove your sensitive data!

yes I created the secrets/registry-auth.json.

The result of kubectl get secret image-builder-registry-secret -o yaml is the following. Everything <redacted> was removed by me.

apiVersion: v1
  registry-auth.json: <redacted, ~ 4200 characters base64 encoded string>
kind: Secret
  creationTimestamp: "2021-02-19T10:57:48Z"
  name: image-builder-registry-secret
  namespace: default
  resourceVersion: "4373393"
  selfLink: /api/v1/namespaces/default/secrets/image-builder-registry-secret
  uid: <redacted>
type: Opaque

Hi @lucas-koehler,

could you also verify that the content of that files is the same as in you local secrets/registry-auth.json.
I could also suggest to use the Terraform script to install Gitpod on GCP. You only have to download Terraform and set some variables.

Best regards