Private docker registry

October 19, 2018 5.1k views
Kubernetes

Hi there,

I just got access to the new kubernetes cluster feature. I was wondering about how to access a private docker registry?

Thanks,
M

4 Answers
terrarum October 21, 2018
Accepted Answer

I've done this with Gitlab as my Docker registry.

Create a secret of type docker-registry:

kubectl create secret docker-registry gitlab-registry --docker-email="EMAIL" --docker-username="USERNAME" --docker-server="https://registry.gitlab.com/" --docker-password="PASSWORD"

My deployment spec:

spec:
  replicas: 1
  selector:
    matchLabels:
      app: deploymentName
  template:
    metadata:
      labels:
        app: deploymentName
    spec:
      containers:
      - name: deploymentName
        image: registry.gitlab.com/group/repo:0.9.0
        ports:
        - containerPort: 8080
      imagePullSecrets:
      - name: gitlab-registry

Hope that helps!

  • For security reasons I'd advise against manually passing the password when creating a secret as that will be forever stored in the shell history.

    Another option would be to first login into docker using the command below. That will create a config file with the credentials and then print out it's location.

    docker login
    

    You can then create a secret (ex. regcred) from the config file instead.

    kubectl create secret generic regcred \
        --from-file=.dockerconfigjson=<path/to/.docker/config.json> \
        --type=kubernetes.io/dockerconfigjson
    

    Afterwards you can configure the image pull secrets on the pod:

    ...
    spec:
      imagePullSecrets:
        - name: regcred
    ...
    

The announcement blog did write:

We understand having your data close to your cluster is essential, so you’ll have the option to deploy a private container registry to your cluster with no configuration, and store the images on DigitalOcean Spaces.

So I understand that's not really possible? I can't find a setting anywhere.

Same for the "ingress controller", where is it?

I haven't yet tried to use a private registry from within DO K8s, but have you followed the usual procedure as specified here? https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

Have another answer? Share your knowledge.