0
votes

I am new to Kubernetes and GCP. I am trying to deploy locally. I have an image that is in a private repository in Google Registry.

I was able to deploy in a GCP cluster, but locally I am getting ErrImagePull when I try to apply the deployment.

I tried the following steps

  1. Created a Service Account with the role Viewer and downloaded the json file

  2. I encoded the file with the following command openssl base64 -in file.json -out encodedfile.json

  3. I removed the return characters on the encoded file (to have the encoded content in one line)

  4. I created a secret with a yaml to be able to access the docker Registry, and pasted the content of the encoded file on .dockerconfigjson

    apiVersion: v1
    kind: Secret
    metadata:
      name: gcr-json-key
      namespace: development
    data:
      .dockerconfigjson: xxxxx
    type: kubernetes.io/dockerconfigjson

  5. In the deployment I added

    imagePullSecrets:
    - name: gcr-json-key

I am getting the same error; it is not able to pull from the private Google registry to my local machine.


UPDATE 1

I encoded the json file with this command

base64 -i myorg-8b8eea93246a.json -o encoded-myorg-8b8eea93246a.json

Then I checked that this encoded file works

cat encoded-myorg-8b8eea93246a.json | docker login -u _json_key_base64 --password-stdin \
https://us-docker.pkg.dev

And it worked

Login Succeeded

This is the yaml file I am using to create the secret

apiVersion: v1
kind: Secret
metadata:
  name: gcr-json-key
  namespace: development
data:
  .dockerconfigjson: <XXXX content of encoded myorg-8b8eea93246a.json file XXXX>
type: kubernetes.io/dockerconfigjson

And in the deployment I have

...
spec:
  ...
  imagePullSecrets:
  - name: gcr-json-key
...

The deployment is created but the image is not pulled. In the kubectl get all I can see the status ImagePullBackOff

When I do a describe to the pod

Failed to pull image "gcr.io/xxx/yyy": rpc error: code = Unknown desc = Error response from daemon: unauthorized: You don't have the needed permissions to perform this operation, and you may have invalid credentials.
1
1. What do you mean by "I was able to deploy in a GCP cluster, but locally I am getting ErrImagePull when I try to apply the deployment"? You have a GCE/GKE cluster and everything works fine here, but if you try to download the image from your local PC you can't do it? 2. Your deployment is deployed in the same namespace as your secret? Secret API objects reside in a namespace and they can only be referenced by pods in the same namespace. - Jakub

@Jakub thanks for the answer. It is like you wrote, in my cluster in GCP/GKE it is working. There I use a service account to pull the image from the registry. I applied the serviceAccount and the secret in my local PC context/namespace, but I am getting the same error. Thanks for the comment, it helped me to clarify that secrets also have a namespace. - agusgambina

1 Answer

2
votes

You are on the right path. You need to create a secret for registry login. This works for me:

kubectl create secret docker-registry <secret_name> --docker-server=<your.registry.domain.name> --docker-username=<user> --docker-password=<password> --docker-email=<your_email>

And then I use this secret for deployment:

spec:
  replicas: 1
  strategy: 
    type: Recreate
  template:
    metadata:
      creationTimestamp: null
      labels:
        io.kompose.service: server
    spec:
      imagePullSecrets:
        - name: <secret_name>
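
As an added example (not code from the question or the answer): `kubectl create secret docker-registry` stores a Docker config JSON with an `auths` map in `.dockerconfigjson`, whereas the question's manifest puts the base64 of the key file itself in that field. The Python sketch below builds that structure for the `_json_key` user and checks a value against an image's registry host; the sample key contents, the helper names and the simplified host matching are assumptions made for illustration.

```python
import base64
import json

# Constructed sample standing in for the downloaded service account key file.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "CONSTRUCTED-PLACEHOLDER-NOT-A-KEY",
    "client_email": "puller@example-project.iam.gserviceaccount.com",
})

def build_dockerconfigjson(server, key_json, username="_json_key"):
    """Base64 value for .dockerconfigjson: a Docker config with an 'auths' map."""
    auth = base64.b64encode(f"{username}:{key_json}".encode()).decode()
    entry = {"username": username, "password": key_json, "auth": auth}
    config = {"auths": {server: entry}}
    return base64.b64encode(json.dumps(config).encode()).decode()

def registry_host(ref):
    """Host of an image reference or auths key (scheme and path dropped).
    Simplified: assumes the image reference names its registry explicitly."""
    return ref.split("://", 1)[-1].split("/", 1)[0]

def check_dockerconfigjson(b64_value, image):
    """Return a list of problems; empty means an auths entry covers the image."""
    try:
        doc = json.loads(base64.b64decode(b64_value, validate=True))
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return ["value is not base64-encoded JSON"]
    is_dict = isinstance(doc, dict)
    if not is_dict or not isinstance(doc.get("auths"), dict):
        raw_key = is_dict and doc.get("type") == "service_account"
        hint = " (this is a raw service account key)" if raw_key else ""
        return ["decoded JSON has no 'auths' map" + hint]
    hosts = {registry_host(key) for key in doc["auths"]}
    want = registry_host(image)
    if want not in hosts:
        return [f"no auths entry for {want}; found {sorted(hosts)}"]
    return []

if __name__ == "__main__":
    image = "gcr.io/xxx/yyy"
    raw = base64.b64encode(SAMPLE_KEY.encode()).decode()  # key file encoded as-is
    print(check_dockerconfigjson(raw, image))
    print(check_dockerconfigjson(build_dockerconfigjson("gcr.io", SAMPLE_KEY), image))
```

The host check also flags a secret built for one registry host (for example `us-docker.pkg.dev`) when the pod's image lives on another (`gcr.io`).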