Reputation: 6699
Docker-for-desktop kubernetes pull image from private repository
I am new to kubernetes and GCP. I am trying to deploy locally. I have an image that it is in a private repository in Google Registry.
I was able to deploy in a GCP cluster, but locally I am getting ErrImagePull when I try to apply the deployment.
I tried the following steps
Created a
Service Accountwith the roleViewerand downloaded the json fileI encoded the file with the following command
openssl base64 -in file.json -out encodedfile.jsonI removed the return characters on the encoded file (to have the encoded content in one line)
I created a secret with a yaml to be able to access the docker Registry, and pasted the content of the encoded file on
.dockerconfigjsonapiVersion: v1 kind: Secret metadata: name: gcr-json-key namespace: development data: .dockerconfigjson: xxxxx type: kubernetes.io/dockerconfigjson
In the deployment I added
imagePullSecrets:
- name: gcr-json-key
I am getting the same error, it is not able to pull from the private google registry into my local machine
UPDATE 1
I encoded the json file with this command
base64 -i myorg-8b8eea93246a.json -o encoded-myorg-8b8eea93246a.json
Then I checked that this encoded file works
cat encoded-myorg-8b8eea93246a.json | docker login -u _json_key_base64 --password-stdin \
https://us-docker.pkg.dev
And it worked
Login Succeeded
This is the yaml file I am using to create the secret
apiVersion: v1
kind: Secret
metadata:
name: gcr-json-key
namespace: development
data:
.dockerconfigjson: <XXXX content of encoded myorg-8b8eea93246a.json file XXXX>
type: kubernetes.io/dockerconfigjson
And in the deployment I have
...
spec:
...
imagePullSecrets:
- name: gcr-json-key
...
The deployment is created but the image is not pulled. In the kubectl get all I can see the status ImagePullBackOff
When I do a describe to the pod
Failed to pull image "gcr.io/xxx/yyy": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials.
Upvotes: 1
Views: 2093
Answers (1)
Reputation: 853
You are on right path. You need to create secret for registry login. This works for me:
kubectl create secret docker-registry <secret_name> --docker-server=<your.registry.domain.name> --docker-username=<user> --docker-password=<password> --docker-email=<your_email>
And then I use this secret for deployment:
spec:
replicas: 1
strategy:
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
io.kompose.service: server
spec:
imagePullSecrets:
- name: <secret_name>
Upvotes: 3
Related Questions
- Pulling docker image in GKE
- "Failed to pull image: pull access denied" on a private docker repository
- Kubernetes cannot pull image from private docker image repository
- Kubernetes cannot pull an image from private repository on Docker Hub
- Image pulling issue on Kubernetes from private repository
- Kubernetes cannot pull image from public docker image repository
- Pulling local repository docker image from kubernetes
- kubectl not able to pull the image from private repository
- Kubernetes Engine unable to pull image from non-private / GCR repository
- Kubernetes does not pull docker image from private repository without https