Pull Image from Private Docker Registry in Kubernetes cluster | Demo
Introduction
In this tutorial, we will learn how to pull Docker images from a private Docker registry into a Kubernetes cluster. This process involves creating a Kubernetes secret that contains the necessary authentication credentials and configuring your deployment to use this secret. This guide is especially relevant for developers working with private repositories where images need explicit access permissions.
Chapter 1: Steps to Pull Image from Private Registry
To pull images from a private Docker registry in a Kubernetes cluster, follow these two main steps:
- Create a Kubernetes Secret
  - This secret will store the access token or credentials required to authenticate with your private Docker registry.
- Configure Your Deployment
  - Update your deployment configuration to reference the secret using the imagePullSecrets attribute.
Chapter 2: Environment Setup
Before we start, ensure you have the following set up:
- Private Docker Registry: In this case, an AWS Container Registry with your application images.
- Minikube: A local Kubernetes cluster set up and running.
- Docker CLI: Installed on your local machine to facilitate the login process.
If you need assistance setting up the AWS Container Registry, refer to the linked video on that topic.
Chapter 3: Login to AWS Container Repository
To create a Kubernetes secret, you need to authenticate with your private Docker registry. Here’s how to do it:
- Use Docker Login Command:

      docker login -u <username> -p <password> <your-private-registry-url>

  - Use the --password-stdin option for added security, so the password is not passed as a command-line argument:

        echo "<password>" | docker login -u <username> --password-stdin <your-private-registry-url>

- Check Authentication:
  - Successful login creates a config.json file in the ~/.docker directory, storing your authentication tokens.
- Login from Minikube:
  - Since Minikube runs in a virtual environment, log in to the private repository directly from within Minikube. Use SSH to access the Minikube instance:

        minikube ssh

  - Repeat the Docker login command inside the Minikube terminal.
Chapter 4: Create Secret Component
Now that you’re logged in, you can create the Kubernetes secret using the Docker config file:
- Copy the Config File:
  - Transfer the config.json file from Minikube to your host machine to use it with kubectl.
- Create the Secret:
  - Run the following command to create a Docker registry secret:

        kubectl create secret docker-registry my-registry-key \
          --docker-server=<your-private-registry-url> \
          --docker-username=<username> \
          --docker-password=<password> \
          --docker-email=<email>

  - Alternatively, you can create the secret from the config.json file:

        kubectl create secret generic my-registry-key \
          --from-file=.dockerconfigjson=<path-to-config.json> \
          --type=kubernetes.io/dockerconfigjson

- Verify the Secret:
  - Check if the secret is created successfully:

        kubectl get secrets
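Before building the secret from config.json, it helps to confirm that the file actually carries inline credentials. The Python sketch below is an added example, not part of the original tutorial: it flags a config.json whose credentials live in a credential helper (the secret would then hold no usable login) and builds the same Secret object the `--from-file` command produces. The function names, registry host and credentials are constructed for illustration.

```python
import base64
import json

def audit_docker_config(raw: str) -> dict:
    """Map each registry under "auths" to 'inline:<username>' or 'no-credentials'."""
    report = {}
    for registry, entry in json.loads(raw).get("auths", {}).items():
        try:
            # "auth" is base64("username:password"): encoded, not encrypted.
            decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode()
        except (ValueError, UnicodeDecodeError):
            decoded = ""
        user, sep, password = decoded.partition(":")
        usable = bool(sep and user and password)
        report[registry] = f"inline:{user}" if usable else "no-credentials"
    return report

def uses_credential_helper(raw: str) -> bool:
    """True when docker login stored the credentials outside config.json."""
    cfg = json.loads(raw)
    return bool(cfg.get("credsStore") or cfg.get("credHelpers"))

def secret_manifest(name: str, raw: str) -> dict:
    """Secret equivalent to `kubectl create secret generic ... --from-file=.dockerconfigjson=...`."""
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(raw.encode()).decode()},
    }

# Constructed sample inputs (hypothetical registry host and credentials).
_AUTH = base64.b64encode(b"demo-user:demo-pass").decode()
SAMPLE_INLINE = json.dumps({"auths": {"registry.example.com": {"auth": _AUTH}}})
SAMPLE_HELPER = json.dumps({"auths": {"registry.example.com": {}}, "credsStore": "desktop"})

if __name__ == "__main__":
    for label, raw in (("inline", SAMPLE_INLINE), ("helper", SAMPLE_HELPER)):
        print(label, audit_docker_config(raw), "helper in use:", uses_credential_helper(raw))
    print(json.dumps(secret_manifest("my-registry-key", SAMPLE_INLINE), indent=2))
```

The secret's data is only base64-encoded, so anyone allowed to read secrets in the namespace can recover the registry login the same way `audit_docker_config` does; limit read access to it with RBAC.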
Chapter 5: Configure Deployment Component
With the secret created, you can now configure your deployment to use it.
- Define Your Deployment:
  - Create a deployment YAML file with the following structure:

        apiVersion: apps/v1
        kind: Deployment
        metadata:
          name: my-app
        spec:
          replicas: 1
          selector:
            matchLabels:
              app: my-app
          template:
            metadata:
              labels:
                app: my-app
            spec:
              containers:
                - name: my-app
                  image: <your-private-registry-url>/<image-name>:<tag>
                  ports:
                    - containerPort: 3000
              imagePullSecrets:
                - name: my-registry-key

- Apply Your Deployment:
  - Use the following command to deploy your application:

        kubectl apply -f <deployment-file>.yaml

- Monitor the Deployment:
  - Check the status of your pods:

        kubectl get pods
Conclusion
In this tutorial, we covered how to pull images from a private Docker registry into a Kubernetes cluster. We created a secret for authentication and configured our deployment to use this secret. Remember that the secret must reside in the same namespace as your deployment for it to work effectively.
Next steps for you could include experimenting with different deployment configurations or scaling your application in Kubernetes. If you have any questions or need further clarification, feel free to reach out!