
I am using Kubernetes for the first time, and having a nasty time trying to reference a private DockerHub image.

In the yaml, this is what I have:

    .... many other lines
    - image: registry.hub.docker.com/MY_DOCKER_HUB_USERNAME/MY_IMAGE_NAME:latest

The error I'm getting says

    Failed to pull image "registry.hub.docker.com/MY_DOCKER_HUB_USERNAME/MY_IMAGE_NAME:latest":
    image pull failed for registry.hub.docker.com/MY_DOCKER_HUB_USERNAME/MY_IMAGE_NAME:latest,
    this may be because there are no credentials on this request.
    details: (Error: image MY_DOCKER_HUB_USERNAME/MY_IMAGE_NAME not found)

Now, I am a total know-nothing when it comes to Kubernetes configuration, but so far, where have I gone wrong?

Bryan Rayner
  • Possibly https://kubernetes.io/docs/user-guide/images/#specifying-imagepullsecrets-on-a-pod, via http://stackoverflow.com/questions/32726923/pulling-images-from-private-registry-in-kubernetes – larsks Jan 22 '17 at 14:23
  • One mistake I made was not using `docker.io` as the domain for my image. – Bryan Rayner Jan 24 '17 at 14:31
  • I should have said `docker.io/MY_DOCKER_HUB_USERNAME/MY_IMAGE_NAME` – Bryan Rayner Jan 24 '17 at 14:31
  • See the scripts in my answer at: https://stackoverflow.com/questions/68037678/how-to-increase-dockerhub-rate-limits-within-kubeless They will help you create the secret and patch the service accounts – AAber Jan 12 '22 at 16:09

1 Answer

Here is an example on how to create a secret key for your private repos and reference it in a deployment:

  1. create the secret key

    kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
    
  2. use it in a deployment

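    # apps/v1 replaces extensions/v1beta1, which Kubernetes 1.16 stopped serving for Deployments
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: example
      namespace: default
    spec:
      replicas: 1
      # apps/v1 requires a selector that matches the pod template labels
      selector:
        matchLabels:
          run: example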
      strategy:
        rollingUpdate:
          maxSurge: 1
          maxUnavailable: 0
        type: RollingUpdate
      template:
        metadata:
          labels:
            run: example
        spec:
          containers:
          - name: example
            image: myregistryrepo/myimage:latest
            ports:
            - containerPort: 80
              name: http
            imagePullPolicy: Always
          imagePullSecrets:
            - name: myregistrykey
    
Camil
  • Yes, just retrieve your credentials using `aws ecr get-login` and then create the secret like this: `kubectl create secret docker-registry myregistrykey --docker-server=https://xxxxx.dkr.ecr.us-east-1.amazonaws.com --docker-username=AWS --docker-password=DOCKER_PASSWORD --docker-email=none` – Camil Jan 24 '17 at 17:04
  • If deploying to AWS, set the cloud-provider to "aws" and it will automatically handle the credentials for you. Also, if not in AWS you could look at this repo (https://github.com/upmc-enterprises/registry-creds), which will handle the creds for you like @Camil suggested. – Steve Sloka Jan 30 '17 at 01:47
  • Supporting @SteveSloka's comment. You can actually attach an IAM role to the AWS EC2 instance and grant ECR permission (assuming you are running k8s in AWS in the same account). If you are running k8s in a different AWS account and your ECR repo is located in a different AWS account, add read-only policies and grant cross-account permission on the ECR repo. – Balkrishna Feb 13 '18 at 23:09
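
An added example, not part of the original question or answer: a small Python check that builds the payload of a `kubernetes.io/dockerconfigjson` pull secret and tests whether it carries an entry for the registry host named in an image reference, which is the mismatch behind the `registry.hub.docker.com` versus `docker.io` problem above. The payload is only base64-encoded JSON, so anyone who can read the Secret can recover the password. The function names, the sample credentials, the set of Docker Hub host aliases and the host-only comparison are assumptions made for this example.

```python
import base64
import json
from urllib.parse import urlparse

# Assumption for this example: these host names all refer to Docker Hub.
DOCKER_HUB_HOSTS = {"docker.io", "index.docker.io", "registry-1.docker.io"}


def build_dockerconfigjson(server, username, password, email=""):
    """Return the base64 value stored under data[".dockerconfigjson"]."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = {"auths": {server: {"username": username, "password": password,
                                 "email": email, "auth": auth}}}
    return base64.b64encode(json.dumps(config).encode()).decode()


def normalize_host(value):
    """Reduce a registry URL or host to a comparable lower-case host[:port]."""
    host = urlparse(value if "://" in value else "//" + value).netloc.lower()
    return "docker.io" if host in DOCKER_HUB_HOSTS else host


def image_registry(image):
    """Registry host of an image reference; Docker Hub when none is given."""
    first, _, rest = image.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        return normalize_host(first)
    return "docker.io"


def credential_hosts(dockerconfigjson_b64):
    """Hosts that the secret carries credentials for."""
    config = json.loads(base64.b64decode(dockerconfigjson_b64))
    return {normalize_host(server) for server in config.get("auths", {})}


def secret_covers_image(dockerconfigjson_b64, image):
    """Host-only match (a simplification assumed here, not the kubelet's logic)."""
    return image_registry(image) in credential_hosts(dockerconfigjson_b64)


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    secret = build_dockerconfigjson("https://index.docker.io/v1/",
                                    "exampleuser", "example-password")
    for image in ("docker.io/exampleuser/myimage:latest",
                  "registry.hub.docker.com/exampleuser/myimage:latest",
                  "exampleuser/myimage:latest"):
        print(image, "->", secret_covers_image(secret, image))
```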