Kubernetes cannot pull an image from private repository on Docker Hub

Question

By some reason Kubernetes cannot pull an image from my private account on Docker Hub. I tried all possible ways of creating a secret (from config.json, by providing credentials directly on command line) but still no success.

Last time I did docker login and executed the following command to create the secret:

kubectl create secret docker-registry dockerhub-credentials --from-file=.dockerconfigjson=/home/myuser/.docker/config.json

Also tried the following command (which is same but I thought there might be a bug in kubectl that doesn't recognize parameters correctly:

kubectl create secret generic dockerhub-credentials --from-file=.dockerconfigjson=/home/myuser/.docker/config.json --type=kubernetes.io/dockerconfigjson

After the deployment I can see the following in the pod's YAML file:

spec:
  volumes:
    ...
  containers:
    - name: container-name
      image: 'username/projects:web_api_123'
      ports:
        - containerPort: 80
          protocol: TCP
      ...
      imagePullPolicy: IfNotPresent
  ...
  imagePullSecrets:
    - name: dockerhub-credentials

An image name is correct (I verified) and a secret with Docker Hub credentials was correctly assigned to my POD. I even patched default service account! But it still doesn't work.

Answer 1

OK, the problem lies in namespaces: all my deployments, pods, services, etc. live inside a separate namespace BUT command that creates a secret does in 'default' namespace.

By some reason, I thought that these secrets in 'default' namespace are visible from another namespace, which is not the case. So, if you want to create a docker config secret, you will have to do it using YAML:

kind: Secret
apiVersion: v1
metadata:
  name: dockerhub-credentials
  namespace: your-namespace
data:
  .dockerconfigjson: base64-encoded-/.docker/config.json
type: kubernetes.io/dockerconfigjson