Accessing Private Repositories: Difference between revisions
Jump to navigation
Jump to search
DrEdWilliams (talk | contribs) (Created page with "For each private registry that you need to have a password for, add a secret as described in the k8s docs<ref>https://kubernetes.io/docs/tasks/configure-pod-container/pull-ima...") |
DrEdWilliams (talk | contribs) m (added more detail and an example) |
||
| Line 1: | Line 1: | ||
For each private registry that you need to have a password for, add a secret as described in the k8s docs<ref>https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/</ref>: | For each private registry that you need to have a password for, add a secret as described in the k8s docs<ref>https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/</ref>: | ||
kubectl create secret docker-registry | kubectl create secret docker-registry <secret-name> \ | ||
--docker-password=<your-pword> --docker-email=<your-email> | --docker-server=<your-registry-server> \ | ||
--docker-username=<your-name> \ | |||
--docker-password=<your-pword> \ | |||
--docker-email=<your-email> \ | |||
-n <namespace> | |||
where: | where: | ||
* <secret-name> is the name that will be used to access the registry credentials | |||
* <your-registry-server> is your Private Docker Registry FQDN. (<nowiki>https://index.docker.io/v1/ for DockerHub</nowiki>) | * <your-registry-server> is your Private Docker Registry FQDN. (<nowiki>https://index.docker.io/v1/ for DockerHub</nowiki>) | ||
* <your-name> is your Docker username. | * <your-name> is your Docker username. | ||
* <your-pword> is your Docker password. | * <your-pword> is your Docker password. | ||
* <your-email> is your Docker email. | * <your-email> is your Docker email. | ||
* <namespace> is the namespace where the container will be used | |||
Note that the secret must be created in the namespace that the container will be used in ... if the same registry is used in multiple namespaces, the secret must be created in each namespace. | |||
To use the registry secret, use the 'imagePullSecrets' tag in the manifest: | |||
apiVersion: v1 | |||
kind: Pod | |||
metadata: | |||
name: private-reg | |||
namespace: <namespace> | |||
spec: | |||
containers: | |||
- name: private-reg-container | |||
image: <your-private-image> | |||
imagePullSecrets: | |||
- name: <secret-name> | |||
There is a way to attach registry secrets to service accounts, which may resolve the need to have multiple copies of the secret ... but ... | |||
---- | ---- | ||
<references/> | <references/> | ||
Revision as of 00:58, 10 April 2021
For each private registry that you need to have a password for, add a secret as described in the k8s docs<ref>https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/</ref>:
kubectl create secret docker-registry <secret-name> \
--docker-server=<your-registry-server> \
--docker-username=<your-name> \
--docker-password=<your-pword> \
--docker-email=<your-email> \
-n <namespace>
where:
- <secret-name> is the name that will be used to access the registry credentials
- <your-registry-server> is your Private Docker Registry FQDN. (https://index.docker.io/v1/ for DockerHub)
- <your-name> is your Docker username.
- <your-pword> is your Docker password.
- <your-email> is your Docker email.
- <namespace> is the namespace where the container will be used
Note that the secret must be created in the namespace that the container will be used in ... if the same registry is used in multiple namespaces, the secret must be created in each namespace.
To use the registry secret, use the 'imagePullSecrets' tag in the manifest:
apiVersion: v1
kind: Pod
metadata:
name: private-reg
namespace: <namespace>
spec:
containers:
- name: private-reg-container
image: <your-private-image>
imagePullSecrets:
- name: <secret-name>
There is a way to attach registry secrets to service accounts, which may resolve the need to have multiple copies of the secret ... but ...
<references/>