How to access private Docker Hub repository from Kubernetes on Vagrant

30
votes

I am failing to pull from my private Docker Hub repository into my local Kubernetes setup running on Vagrant:

Container "hellonode" in pod "hellonode-n1hox" is waiting to start: image can't be pulled

Failed to pull image "username/hellonode": Error: image username/hellonode:latest not found

I have set up Kubernetes locally via Vagrant as described here and created a secret named "dockerhub" with kubectl create secret docker-registry dockerhub --docker-server=https://registry.hub.docker.com/ --docker-username=username --docker-password=... --docker-email=... which I supplied as the image pull secret.

I am running Kubernetes 1.2.0.

3
dockerkubernetes

3 Answers

92
votes

To pull a private DockerHub hosted image from a Kubernetes YAML:

Run these commands:

DOCKER_REGISTRY_SERVER=docker.io
DOCKER_USER=Type your dockerhub username, same as when you `docker login`
DOCKER_EMAIL=Type your dockerhub email, same as when you `docker login`
DOCKER_PASSWORD=Type your dockerhub pw, same as when you `docker login`

kubectl create secret docker-registry myregistrykey \
  --docker-server=$DOCKER_REGISTRY_SERVER \
  --docker-username=$DOCKER_USER \
  --docker-password=$DOCKER_PASSWORD \
  --docker-email=$DOCKER_EMAIL

If your username on DockerHub is DOCKER_USER, and your private repo is called PRIVATE_REPO_NAME, and the image you want to pull is tagged as latest, create this example.yaml file:

apiVersion: v1
kind: Pod
metadata:
  name: whatever
spec:
  containers:
    - name: whatever
      image: DOCKER_USER/PRIVATE_REPO_NAME:latest
      imagePullPolicy: Always
      command: [ "echo", "SUCCESS" ]
  imagePullSecrets:
    - name: myregistrykey

Then run:

kubectl create -f example.yaml
8
votes

Create k8 Secret:

apiVersion: v1
kind: Secret
metadata:
  name: repositorySecretKey
data:
  .dockerconfigjson: <base64 encoded docker auth config>
type: kubernetes.io/dockerconfigjson

Then in pod or rc config mention the secret. Example :

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
spec:
  containers:
    - name: test-pod
      image: quay.io/example/hello:1.1
  imagePullSecrets:
    - name: repositorySecretKey

Docker auth config

{
   "https://quay.io": {
    "email": ".",
    "auth": "<base64 encoded auth token>"
  }
}

Or 

kubectl create secret docker-registry myregistrykey \
    --docker-server=DOCKER_REGISTRY_SERVER \
    --docker-username=DOCKER_USER \
    --docker-password=DOCKER_PASSWORD \
    --docker-email=DOCKER_EMAIL
0
votes

You can follow these instructions on how to configure nodes to authenticate to a private repository in order to configure the kubelets to make Docker use your credentials, or follow +Phagun Baya's solution with imagePullSecrets that applies to pods.