Sunday, May 20, 2018

Kubernetes - Image Pull Secret

Most times we will be having our container images created and uploaded to the internal company docker registry. for accessing these private images , we need to provide user name and password or atleast a secret token to access them. These user names and password are used during the image pull from the repository. In this article we will see how we can make a image private in a docker hub and use a secret to download the images.

In Kubernetes we use the secret of docker-registry type to authenticate with a container registry to pull a private image

One of the image in docker hub is made a private. when we tried to access the image,
[root@manja17-I13330 kubenetes-config]# docker pull docker.io/jagadesh1982/testing-service
Using default tag: latest
Trying to pull repository docker.io/jagadesh1982/testing-service ...

Get https://registry-1.docker.io/v2/jagadesh1982/testing-service/manifests/latest: unauthorized: incorrect username or password

lets create a secret for accessing the docker hub in kubernetes using,
[root@manja17-I13330 kubenetes-config]# kubectl create secret docker-registry docker-secret --docker-server https://index.docker.io/v1/ --docker-email jagadesh.manchala@gmail.com --docker-username=<user Name> --docker-password <Password>
secret "docker-secret" created

[root@manja17-I13330 kubenetes-config]# kubectl get secrets
NAME                   TYPE                 DATA AGE
default-token-fx8mm   kubernetes.io/service-account-token   3 2h
docker-secret          kubernetes.io/dockerconfigjson         1 9s

[root@manja17-I13330 kubenetes-config]# kubectl describe secret docker-secret
Name:         docker-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  kubernetes.io/dockerconfigjson

Data
====
.dockerconfigjson:  180 bytes

Configure the Pod with the secret to pull the images as,
[root@manja17-I13330 kubenetes-config]# cat image-pull-secret.yml
apiVersion: v1
kind: Pod
metadata:
 name: testing-service
spec:
 containers:
   - name: test-ser
     image: docker.io/jagadesh1982/testing-service
     ports:
      - containerPort: 9876
 imagePullSecrets:
   - name: docker-secret

Now lets check the pod using,
[root@manja17-I13330 kubenetes-config]# kubectl get pods
NAME               READY STATUS  RESTARTS AGE
testing-service   1/1 Running   0 43s

We have defined the secret that we created to access the docker hub for downloading images in the pod manifest file. Since we defined the secret to download them , we can successfully create the pod and use.

Many to come, Happy learning :-)

No comments :

Post a Comment