Pulling images from private registry in Kubernetes

To add to what @rob said, as of docker 1.7, the use of .dockercfg has been deprecated and they now use a ~/.docker/config.json file. There is support for this type of secret in kube 1.1, but you must create it using different keys/type configuration in the yaml:

First, base64 encode your ~/.docker/config.json:

cat ~/.docker/config.json | base64 -w0

Note that the base64 encoding should appear on a single line so with -w0 we disable the wrapping.

Next, create a yaml file: my-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: registrypullsecret
data:
  .dockerconfigjson: <base-64-encoded-json-here>
type: kubernetes.io/dockerconfigjson

-

$ kubectl create -f my-secret.yaml && kubectl get secrets

NAME                  TYPE                                  DATA
default-token-olob7   kubernetes.io/service-account-token   2
registrypullsecret    kubernetes.io/dockerconfigjson        1

Then, in your pod's yaml you need to reference registrypullsecret or create a replication controller:

apiVersion: v1
kind: Pod
metadata:
  name: my-private-pod
spec:
  containers:
    - name: private
      image: yourusername/privateimage:version
  imagePullSecrets:
    - name: registrypullsecret

I can confirm that imagePullSecrets not working with deployment, but you can

kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
kubectl edit serviceaccounts default

Add

imagePullSecrets:
- name: myregistrykey

To the end after Secrets, save and exit. And its works. Tested with Kubernetes 1.6.7


Kubernetes supports a special type of secret that you can create that will be used to fetch images for your pods. More details here.


If you need to pull an image from a private Docker Hub repository, you can use the following.

Create your secret key 

kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL

secret "myregistrykey" created.

Then add the newly created key to your Kubernetes service account.

Retrieve the current service account

kubectl get serviceaccounts default -o yaml > ./sa.yaml

Edit sa.yaml and add the ImagePullSecret after Secrets

imagePullSecrets:
- name: myregistrykey

Update the service account 

kubectl replace serviceaccount default -f ./sa.yaml

Tags:

Docker

Coreos

Kubernetes

Recent Posts