Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Pulling images from private registry in Kubernetes

I have built a 4 node kubernetes cluster running multi-container pods all running on CoreOS. The images come from public and private repositories. Right now I have to log into each node and manually pull down the images each time I update them. I would like be able to pull them automatically.

  1. I have tried running docker login on each server and putting the .dockercfg file in /root and /core
  2. I have also done the above with the .docker/config.json
  3. I have added secret to the kube master and added imagePullSecrets:
    • name: docker.io to the Pod configuration file.

When I create the pod i get the error message Error:

image <user/image>:latest not found 

If I log in and run docker pull it will pull the image. I have tried this using docker.io and quay.io.

like image 237
KSB Avatar asked Sep 22 '15 21:09

KSB


People also ask

How do I pull an image from a private repository?

In order to pull images from your private repository, you'll need to login to Docker. If no registry URI is specified, Docker will assume you intend to use or log out from Docker Hub. Triton comes with several images built-in. You can view the available list with triton images .

How do I access private Docker images?

Personal to personalNavigate to Docker Hub create a Docker ID and select the personal subscription. Using docker login from the CLI, sign in using your original Docker ID and pull your private images.

How do I get Kubernetes to pull a local image?

Required image pull If you would like to always force a pull, you can do one of the following: Set the imagePullPolicy of the container to Always . Omit the imagePullPolicy and use :latest as the tag for the image to use; Kubernetes will set the policy to Always when you submit the Pod.


2 Answers

To add to what @rob said, as of docker 1.7, the use of .dockercfg has been deprecated and they now use a ~/.docker/config.json file. There is support for this type of secret in kube 1.1, but you must create it using different keys/type configuration in the yaml:

First, base64 encode your ~/.docker/config.json:

cat ~/.docker/config.json | base64 -w0    

Note that the base64 encoding should appear on a single line so with -w0 we disable the wrapping.

Next, create a yaml file: my-secret.yaml

apiVersion: v1 kind: Secret metadata:   name: registrypullsecret data:   .dockerconfigjson: <base-64-encoded-json-here> type: kubernetes.io/dockerconfigjson 

-

$ kubectl create -f my-secret.yaml && kubectl get secrets  NAME                  TYPE                                  DATA default-token-olob7   kubernetes.io/service-account-token   2 registrypullsecret    kubernetes.io/dockerconfigjson        1 

Then, in your pod's yaml you need to reference registrypullsecret or create a replication controller:

apiVersion: v1 kind: Pod metadata:   name: my-private-pod spec:   containers:     - name: private       image: yourusername/privateimage:version   imagePullSecrets:     - name: registrypullsecret 
like image 195
Chief Avatar answered Oct 05 '22 00:10

Chief


If you need to pull an image from a private Docker Hub repository, you can use the following.

Create your secret key

kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL 

secret "myregistrykey" created.

Then add the newly created key to your Kubernetes service account.

Retrieve the current service account

kubectl get serviceaccounts default -o yaml > ./sa.yaml 

Edit sa.yaml and add the ImagePullSecret after Secrets

imagePullSecrets: - name: myregistrykey 

Update the service account

kubectl replace serviceaccount default -f ./sa.yaml 
like image 45
Bcf Ant Avatar answered Oct 05 '22 02:10

Bcf Ant