deor

Pulling Docker Container from Private Registry in Kubernetes

To pull a docker container from a private registry, create a docker-registry secret via:

kubectl create secret docker-registry regcred --docker-server=https://index.docker.io/v1/ --docker-username=xxx --docker-password=xxx --docker-email=xxx

Make sure to replace the username / password / email with your information. Also, replace the docker server url if using a registry different from docker hub.

Common registry server urls are (saving these for later, because sometimes these are annoying to find)

  • Docker hub: https://index.docker.io/v1/
  • Github Actions: docker.pkg.github.com/[owner]/[repo]
  • Quay: quay.io
  • Google Container Registry: gcr.io (global endpoint, might need to use a regional one)
  • Amazon Elastic Container Registry: [aws_account_id].dkr.ecr.[region].amazonaws.com
  • Azure Container Registry: [registry_name].azurecr.io

Example using the secret in deployment config:

apiVersion: apps/v1
kind: Deployment
metadata:
    name: whoami
spec:
    replicas: 1
    selector:
        matchLabels:
            app: whoami
    template:
        metadata:
            labels:
                app: whoami
        spec:
            containers:
                - name: whoami-container
                  image: d3or/whoami
                  ports:
                      - containerPort: 3000
            imagePullSecrets:
                - name: regcred