46

I am planning to deploy an application in my kubernetes-clustering infra. I pushed image to dockerhub repo. How can I pull image from dockerhub?

Snipper03
  • 1,484
  • 4
  • 15
  • 29
  • 1
    The [docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) explains pretty well, how to add dockerhub credentials to your cluster. If your image is publicly reachable on dockerhub, you dont need credentials and can just specify the image in the pod definition. – fishi0x01 Feb 28 '18 at 15:16
  • Thanks @fishi - I am using public repo. So you are meaning I need to set public repo name in the yaml file then it will work for me? – Snipper03 Feb 28 '18 at 15:32
  • You must set the image name - it is the same you would use to `docker pull` the image locally. – fishi0x01 Feb 28 '18 at 15:50
  • @fishi I have a question. How can kubernetes know the server URL? Mine is public repo and I'd only added username/repo-name in the image field. – Snipper03 Feb 28 '18 at 16:58
  • @fish And ImagePullBackOff error occurs. It seems TLS handshake timeout - it can not find the dockerhub server and it can not access the repo. How can I provide the server FQDN if I use public repo? – Snipper03 Feb 28 '18 at 17:00
  • 1
    k8s uses docker under the hood - just as you would locally on your machine. Now an image name is composed as `[RepoHost]/[ProjectID]/[RrepoName]:[Tag]`. If you omit `[RepoHost]`, then docker assumes dockerhub (docker.io) as default. Concerning the TLS handshake t/o, I am not sure what causes this in your case. – fishi0x01 Feb 28 '18 at 17:37
  • 1
    if you want any useful help, It would be much better to post your k8s manifest here. Also an output of `kubectl -n describe po ` to the `Pod` where `ImagePullBackOff` error occurs might be helpful – Konstantin Vustin Jun 26 '18 at 11:23

4 Answers4

34

One line command to create a Docker registry secret

kubectl create secret docker-registry regcred --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email> -n <your-namespace>

Then you can use it in your deployment file under spec

spec:
  containers:
  - name: private-reg-container-name
    image: <your-private-image>
  imagePullSecrets:
  - name: regcred

More details: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-in-the-cluster-that-holds-your-authorization-token

Bill Hegazy
  • 426
  • 4
  • 3
  • 4
    Good callout on namespace, the documents gloss right over this – DevOops May 01 '19 at 14:18
  • is it possible to get `kubectl` to run Docker inside the node? that way I could try an image pull by hand (I can't seem to SSH into my nodes) – ekkis Jun 22 '21 at 00:06
  • Replace with a specific Docker Hub path, since OP was asking specifically about Docker Hub – Karthick Jun 28 '23 at 06:46
25

Kubernetes run docker pull pseudo/your-image:latest under the hood. image field in Kubernetes resources is simply the docker image to run.

spec:
  containers:
  - name: app
    image: pseudo/your-image:latest
[...]

As the docker image name contains no specific docker registry url, the default is docker.io. Your image is in fact docker.io/pseudo/your-image:latest

If your image is hosted in a private docker hub repo, you need to specify an image pull secret in the spec field.

spec:
  containers:
  - name: app
    image: pseudo/your-image:latest
  imagePullSecrets:
  - name: dockerhub-credential

Here is the documentation to create the secret containing your docker hub login: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

Yann C.
  • 1,315
  • 12
  • 17
1

using docker pull or kubectl set image

example yaml deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80

start container and show status deployment with kubectl get deployments

result

 NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   3/3     3            3           18s

and now update image in kubernetes using set image

kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1

and show status update image with rollout

kubectl rollout status deployment/nginx-deployment

Note: ngnix is name of container ->name

  containers:
      - name: nginx
        image: nginx:1.14.2

nginx:1.16.1 is image version in docker hub, is recommendable change version for update

if you decided remove update and rollback to the previous revision, use rollout undo

kubectl rollout undo deployment/nginx-deployment

for more information, use the documentation

Daniel
  • 736
  • 4
  • 8
0
  1. Create a docker registry secret:
#!/bin/bash

for ns in $(kubectl get namespaces |grep -v NAME|awk '{print $1}')
do
   kubectl create secret docker-registry docker.registry \
       --docker-username=<MyAccountName> \
       --docker-password='MyDockerHubPassword' -n $ns
done
  1. Patch all the dynamic service accounts in all the namesapces with the secret you created in step 1
for ns in $(kubectl get namespaces|grep -v NAME|awk '{print $1}')
do
        for sa in $(kubectl -n $ns get sa|grep -v SECRETS|awk '{print $1}')
        do
           kubectl patch serviceaccount $sa -p '{"imagePullSecrets": [{"name": "docker.registry"}]}' -n $ns
           if [ $? -eq 0 ]; then
                echo $ns $sa patched
           else
                echo Error patching $ns $sa
           fi
        done
done

You can patch only specific namespaces, if you wish.

Let me know how it goes.

AAber
  • 1,562
  • 10
  • 14