<WOWHDR>

Kubernetes: Pulling Image From Private Registry

by

Website Admin
in

Create the Secret for you docker registry:

kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email
[--docker-server=string] [--from-file=[key=]source] [--dry-run=server|client|none] [options]

To double check:

kubectl get secret NAME --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode

Create a test pod:

kubectl run NAME --image REGISTRY-SERVER/REPOSITORY/IMAGE:TAG --overrides '{ "spec": { "imagePullSecrets" : [{"name": "REGISTRY-SECRET-NAME" }] }}'

For pod, setting the imagePullSecrets only available using the –overrides flag when you create the pod. After the pod is created, you cannot edit the imagePullSecrets using kubectl edit or patch.

DEPLOYMENT

You can edit the deployment manifest and add the following at line 9, 10:

apiVersion: apps/v1
kind: Deployment
metadata: ...
spec:
  template:
    spec:
      containers:
      - ...
      imagePullSecrets:
      - name: <secret-name>

Or you can always kubectl patch. Use flag --type strategic (default) to append or --type merge to replace.

kubectl patch deployment <name> --type merge -p '{ "spec": { "template": { "spec": { "imagePullSecrets": [{ "name": "<secret-name>" }] } } } }'

SERVICE ACCOUNT

The easiest way to attach the imagePullSecrets is in your ServiceAccount:

apiVersion: v1
kind: ServiceAccount
imagePullSecrets:
- name: <secret-name>
metadata:
  ...

REFERENCES:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *