docker - Pulling images from private registry in Kubernetes

Question

I have built a 4 node kubernetes cluster running multi-container pods all running on CoreOS. The images come from public and private repositories. Right now I have to log into each node and manually pull down the images each time I update them. I would like be able to pull them automatically.

1. I have tried running docker login on each server and putting the .dockercfg file in /root and /core
2. I have also done the above with the .docker/config.json
3. I have added secret to the kube master and added imagePullSecrets:
   • name: docker.io to the Pod configuration file.

When I create the pod i get the error message Error:

image <user/image>:latest not found

If I log in and run docker pull it will pull the image. I have tried this using docker.io and quay.io.

Answer 1

To add to what @rob said, as of docker 1.7, the use of .dockercfg has been deprecated and they now use a ~/.docker/config.json file. There is support for this type of secret in kube 1.1, but you must create it using different keys/type configuration in the yaml:

First, base64 encode your ~/.docker/config.json:

cat ~/.docker/config.json | base64 -w0   

Note that the base64 encoding should appear on a single line so with -w0 we disable the wrapping.

Next, create a yaml file: my-secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: registrypullsecret
data:
  .dockerconfigjson: <base-64-encoded-json-here>
type: kubernetes.io/dockerconfigjson

-

$ kubectl create -f my-secret.yaml && kubectl get secrets

NAME                  TYPE                                  DATA
default-token-olob7   kubernetes.io/service-account-token   2
registrypullsecret    kubernetes.io/dockerconfigjson        1

Then, in your pod's yaml you need to reference registrypullsecret or create a replication controller:

apiVersion: v1
kind: Pod
metadata:
  name: my-private-pod
spec:
  containers:
    - name: private
      image: yourusername/privateimage:version
  imagePullSecrets:
    - name: registrypullsecret