We use cookies for the best online experience.Read our Privacy Statement

Log into a private package registry using credentials from a Secret

Serverless allows you to consume private packages in your Functions. This tutorial shows how you can log into a private package registry by defining credentials in a Secret custom resource (CR).

Steps

Create a Secret

Create a Secret CR for your Node.js or Python Functions. You can also create one combined Secret CR for both runtimes.

  • Node.js
  • Python
  • Node.js & Python

  1. Export these variables:

    Click to copy
    export REGISTRY={ADDRESS_TO_REGISTRY}
    export TOKEN={TOKEN_TO_REGISTRY}
    export NAMESPACE={FUNCTION_NAMESPACE}

  2. Create a Secret:

    Click to copy
    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Secret
    metadata:
      name: serverless-package-registry-config
      namespace: {NAMESPACE}
    type: Opaque
    stringData:
      .npmrc: |
          registry=https://{REGISTRY}
          //{REGISTRY}:_authToken={TOKEN}
    EOF

Test the package registry switch

Create a Function with dependencies from the external registry. Check if your Function was created and all conditions are set to True:

Click to copy
kubectl get functions -n $NAMESPACE

You should get a result similar to the this example:

Click to copy
NAME            CONFIGURED   BUILT     RUNNING   RUNTIME    VERSION   AGE
test-function   True         True      True      nodejs18   1         96s

CAUTION: If you want to create a cluster-wide Secret, you must create it in the kyma-system Namespace and add the serverless.kyma-project.io/config: credentials label. Read more about requirements for Secret CRs.