Sunday, May 20, 2018

Kubernetes - Image Pull Secret

Most times we will be having our container images created and uploaded to the internal company docker registry. for accessing these private images , we need to provide user name and password or atleast a secret token to access them. These user names and password are used during the image pull from the repository. In this article we will see how we can make a image private in a docker hub and use a secret to download the images.

In Kubernetes we use the secret of docker-registry type to authenticate with a container registry to pull a private image

One of the image in docker hub is made a private. when we tried to access the image,
[root@manja17-I13330 kubenetes-config]# docker pull
Using default tag: latest
Trying to pull repository ...

Get unauthorized: incorrect username or password

lets create a secret for accessing the docker hub in kubernetes using,
[root@manja17-I13330 kubenetes-config]# kubectl create secret docker-registry docker-secret --docker-server --docker-email --docker-username=<user Name> --docker-password <Password>
secret "docker-secret" created

[root@manja17-I13330 kubenetes-config]# kubectl get secrets
NAME                   TYPE                 DATA AGE
default-token-fx8mm   3 2h
docker-secret         1 9s

[root@manja17-I13330 kubenetes-config]# kubectl describe secret docker-secret
Name:         docker-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>


.dockerconfigjson:  180 bytes

Configure the Pod with the secret to pull the images as,
[root@manja17-I13330 kubenetes-config]# cat image-pull-secret.yml
apiVersion: v1
kind: Pod
 name: testing-service
   - name: test-ser
      - containerPort: 9876
   - name: docker-secret

Now lets check the pod using,
[root@manja17-I13330 kubenetes-config]# kubectl get pods
testing-service   1/1 Running   0 43s

We have defined the secret that we created to access the docker hub for downloading images in the pod manifest file. Since we defined the secret to download them , we can successfully create the pod and use.

Many to come, Happy learning :-)

No comments :

Post a Comment