This page shows how to create a Pod that uses a Secret to pull an image from a private Docker registry or repository.
- Before you begin
- Log in to Docker
- Create a Secret in the cluster that holds your authorization token
- Inspecting the Secret <code>regcred</code>
- Create a Pod that uses your Secret
- What's next
Before you begin
- You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by usingMinikube, or you can use one of these Kubernetes playgrounds:
- Katacoda
- Play with Kubernetes
To check the version, enter kubectl version
.
- To do this exercise, you need aDocker ID and password.
Log in to Docker
On your laptop, you must authenticate with a registry in order to pull a private image:
When prompted, enter your Docker username and password.
The login process creates or updates a config.json
View the config.json
The output contains a section similar to this:
Note: If you use a Docker credentials store, you won’t see that auth entry but a credsStore
Create a Secret in the cluster that holds your authorization token
A Kubernetes cluster uses the Secret of docker-registry
Create this Secret, naming it regcred
:
where:
<your-registry-server>
- is your Private Docker Registry FQDN. (https://index.docker.io/v1/ for DockerHub)
<your-name>
<your-pword>
<your-email>
You have successfully set your Docker credentials in the cluster as a Secret called regcred
.
Inspecting the Secret regcred
To understand the contents of the regcred
The output is similar to this:
The value of the .dockerconfigjson
To understand what is in the .dockerconfigjson
The output is similar to this:
To understand what is in the auth
The output, username and password concatenated with a :
, is similar to this:
Notice that the Secret data contains the authorization token similar to your local ~/.docker/config.json
You have successfully set your Docker credentials as a Secret called regcred
Create a Pod that uses your Secret
Here is a configuration file for a Pod that needs access to your Docker credentials in regcred
:
Download the above file:
In file my-private-reg-pod.yaml
, replace <your-private-image>
To pull the image from the private registry, Kubernetes needs credentials. The imagePullSecrets
field in the configuration file specifies that Kubernetes should get the credentials from a Secret named regcred
.
Create a Pod that uses your Secret, and verify that the Pod is running: