Try Kubernetes

Get Started

Ready to get your hands dirty? Build a simple Kubernetes cluster that runs "Hello World" for Node.js.

Documentation

Learn how to use Kubernetes with the use of walkthroughs, samples, and reference documentation. You can even help contribute to the docs!

Community

If you need help, you can connect with other Kubernetes users and the Kubernetes authors, attend community events, and watch video presentations from around the web.

Blog

Read the latest news for Kubernetes and the containers space in general, and get technical how-tos hot off the presses.

Interested in hacking on the core Kubernetes code base?

View On Github

Explore the community

Tasks

Step-by-step instructions for performing operations with Kubernetes.

Documentation for Kubernetes v1.5 is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Edit This Page

Pulling an Image from a Private Registry

This page shows how to create a Pod that uses a Secret to pull an image from a private Docker registry or repository.

Before you begin
Logging in to Docker
Creating a Secret that holds your authorization token
Understanding your Secret
Creating a Pod that uses your Secret
What’s next

Before you begin

You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube.
To do this exercise, you need a Docker ID and password.

Logging in to Docker

docker login

When prompted, enter your Docker username and password.

The login process creates or updates a config.json file that holds an authorization token.

View the configfile.json file:

cat ~/.docker/config.json

The output contains a section similar to this:

{
    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "c3RldmU1MzpTdGV2ZURvY2tAIzE2"
        }
    }
}

Creating a Secret that holds your authorization token

Create a Secret named regsecret:

kubectl create secret docker-registry regsecret --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

where:

<your-name> is your Docker username.
<your-pword> is your Docker password.
<your-email> is your Docker email.

Understanding your Secret

To understand what’s in the Secret you just created, start by viewing the Secret in YAML format:

kubectl get secret regsecret --output=yaml

The output is similar to this:

apiVersion: v1
data:
  .dockercfg: eyJodHRwczovL2luZGV4L ... J0QUl6RTIifX0=
kind: Secret
metadata:
  ...
  name: regsecret
  ...
type: kubernetes.io/dockercfg

The value of the .dockercfg field is a base64 representation of your secret data.

Copy the base64 representation of the secret data into a file named secret64.

Important: Make sure there are no line breaks in your secret64 file.

To understand what is in the .dockercfg field, convert the secret data to a readable format:

base64 -d secret64

The output is similar to this:

{"https://index.docker.io/v1/":{"username":"janedoe","password":"xxxxxxxxxxx","email":"jdoe@example.com","auth":"c3RldmU1MzpTdGV2ZURvY2tAIzE2"}}

Notice that the secret data contains the authorization token from your config.json file.

Creating a Pod that uses your Secret

Here is a configuration file for a Pod that needs access to your secret data:

`private-reg-pod.yaml`
`apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: regsecret`

Copy the contents of private-reg-pod.yaml to your own file named my-private-reg-pod.yaml. In your file, replace <your-private-image> with the path to an image in a private repository.

Example Docker Hub private image:

janedoe/jdoe-private:v1

To pull the image from the private repository, Kubernetes needs credentials. The imagePullSecrets field in the configuration file specifies that Kubernetes should get the credentials from a Secret named regsecret.

Create a Pod that uses your Secret, and verify that the Pod is running:

kubectl create -f my-private-reg-pod.yaml
kubectl get pod private-reg

What’s next

Learn more about Secrets.
Learn more about using a private registry.
See kubectl create secret docker-registry.
See Secret
See the imagePullSecrets field of PodSpec.

Create an Issue Edit this Page