Secrets for Accessing NGC Catalog

Set up two basic secrets for accessing resources from the NGC catalog: a generic secret and an image pull secret. A generic secret is for accessing models from endpoints on the NGC catalog, and an image pull secret is for pulling container images from the NGC catalog.

Important

By default, Kubernetes secrets are not encrypted. To secure your secrets, refer to Kubernetes secret best practices in the Kubernetes documentation.

The secret values aren’t visible through the pod specs. Use secrets management solutions such as Vault along with external secrets to securely inject these secrets into the namespace.

Create a Generic Secret

Create a generic secret named ngc-api using the following command.

kubectl create secret generic ngc-api \
   --from-literal=NGC_API_KEY=$NGC_API_KEY

Use this secret to set the existingSecret value in the values.yaml file.

Create an Image Pull Secret

Create an image pull secret named nvcrimagepullsecret using the following command. Update the docker-server, docker-username, and docker-password values according to your environment if you are using private registry to store images.

kubectl --namespace <NAMESPACE> \
  create secret docker-registry nvcrimagepullsecret \
  --docker-server=nvcr.io \
  --docker-username='$oauthtoken' \
  --docker-password=$NGC_API_KEY

Use this secret to set the existingImagePullSecret value in the values.yaml file.