Introduction
This article shows how to use secrets to pull an image from a private Docker registry.
Description
Kubernetes is incredibly powerful: it offers a simple way to manage your secrets and customize the default registry (Docker Hub).
In this example, we'll use the GitLab Container Registry service.
Let’s go!
Create a file ~/.dockerconfig with your registry credentials on your local machine.
    export DOCKER_REGISTRY_SERVER=https://registry.gitlab.com
    export DOCKER_USER=user
    export DOCKER_EMAIL=user@example.com
    export DOCKER_PASSWORD=password
Export the variables from ~/.dockerconfig.

    $ source ~/.dockerconfig
To verify the configuration:

    $ printenv | grep DOCKER
You should have the same output:
    DOCKER_REGISTRY_SERVER=https://registry.gitlab.com
    DOCKER_USER=user
    DOCKER_EMAIL=user@example.com
    DOCKER_PASSWORD=password
Everything is OK, so let's create the Kubernetes gitlab-registry secret.

    # "docker-registry" is the secret type; "gitlab-registry" is the secret's name
    kubectl create secret docker-registry gitlab-registry \
      --docker-server="$DOCKER_REGISTRY_SERVER" \
      --docker-username="$DOCKER_USER" \
      --docker-password="$DOCKER_PASSWORD" \
      --docker-email="$DOCKER_EMAIL"
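What the command above stores, as an added example that is not code from the original article: these functions rebuild the kubernetes.io/dockerconfigjson payload by hand and decode it again, which shows the registry password is only base64-encoded and readable by anyone allowed to get the secret. The function names are illustrative, and the credentials used with them are the article's sample values.

```shell
# Added example; function names are illustrative, not part of kubectl.

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'
}

# Single-line base64 (GNU base64 wraps its output at 76 columns by default).
b64() {
  base64 | tr -d '\n'
}

# Build the .dockerconfigjson document. Args: server user password email
dockerconfigjson() {
  auth=$(printf '%s:%s' "$2" "$3" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$(json_escape "$4")" "$auth"
}

# Emit the Secret manifest. Args: name namespace server user password email
render_pull_secret() {
  data=$(dockerconfigjson "$3" "$4" "$5" "$6" | b64)
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $data
EOF
}

# Read a manifest on stdin and decode its payload: it is encoded, not encrypted.
# (base64 -d is the decode flag of GNU coreutils and recent macOS.)
decode_pull_secret() {
  sed -n 's/^  \.dockerconfigjson: //p' | base64 -d
}

# Usage: render_pull_secret gitlab-registry default "$DOCKER_REGISTRY_SERVER" \
#          "$DOCKER_USER" "$DOCKER_PASSWORD" "$DOCKER_EMAIL" | kubectl apply -f -
```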
It’s time to test it!
    cat <<EOF | kubectl apply -f -
    apiVersion: v1
    kind: Pod
    metadata:
      name: foo
    spec:
      containers:
      - name: foo
        image: foo/your-gitlab-private-image:latest
        imagePullPolicy: Always
      imagePullSecrets:
      - name: gitlab-registry
    EOF
To check whether your private image has been pulled, you can run:

    $ kubectl describe po/foo | grep -i pull
Extra
To remove the created pod:

    $ kubectl delete po/foo
To remove the local Docker configuration:

    # Remove environment variables file
    $ rm ~/.dockerconfig

    # Remove environment variables
    $ unset DOCKER_REGISTRY_SERVER
    $ unset DOCKER_USER
    $ unset DOCKER_EMAIL
    $ unset DOCKER_PASSWORD
To share the secret across multiple Kubernetes namespaces:

    export NAMESPACE=your-namespace
    # Rewrite only the namespace field, so no other "default" string is touched
    kubectl get secret gitlab-registry -o yaml \
      | sed "s/namespace: default/namespace: $NAMESPACE/" \
      | kubectl -n "$NAMESPACE" create -f -
2 comments
Chris
Posted on 23 November 2018 at 17:57
Hi there,
actually I am trying this in my MacOSX bash but I got several errors by executing the command, like
eval $(cat ~/.dockerconfig) I need to make it eval cat ~/.dockerconfig
Also, the "export" in front of the lines for the config file are taken into the environment variables, so they are not displayed afterwards like in your example via printenv | grep DOCKER – instead they all have an "export" in front of every line. Which environment/syntax is your example actually for? I am very thankful to finally find an article related to this topic, but now it unfortunately does not work properly for me … thx
Dimitri DO BAIRRO
Posted on 11 December 2018 at 17:33
Hello @Chris,
Before beginning, thank you for this feedback.
The article has been updated; you have to use source instead of:
eval $(cat ~/.dockerconfig)
Have a nice day.