Accessing Private Repositories

From WilliamsNet Wiki
Revision as of 00:58, 10 April 2021 by DrEdWilliams (talk | contribs) (added more detail and an example)
Jump to navigation Jump to search

For each private registry that you need to have a password for, add a secret as described in the k8s docs<ref>https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/</ref>: 

kubectl create secret docker-registry <secret-name> \
    --docker-server=<your-registry-server> \
    --docker-username=<your-name> \
    --docker-password=<your-pword> \
    --docker-email=<your-email> \
    -n <namespace>

where:

  • <secret-name> is the name that will be used to access the registry credentials
  • <your-registry-server> is your Private Docker Registry FQDN. (https://index.docker.io/v1/ for DockerHub)
  • <your-name> is your Docker username.
  • <your-pword> is your Docker password.
  • <your-email> is your Docker email.
  • <namespace> is the namespace where the container will be used

Note that the secret must be created in the namespace that the container will be used in ... if the same registry is used in multiple namespaces, the secret must be created in each namespace.

To use the registry secret, use the 'imagePullSecrets' tag in the manifest: 

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
  namespace: <namespace>
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: <secret-name>

There is a way to attach registry secrets to service accounts, which may resolve the need to have multiple copies of the secret ... but ...

<references/>

Retrieved from "http://wiki.williams-net.org/index.php?title=Accessing_Private_Repositories&oldid=423"