While the public docker registry provides a overwhelming amount of publicly-accessible images, you will likely want to deploy a private or customized image at some point. Depending on what you want
Creating an auth secret from a previous Docker login
If you have previously logged your local device into the docker registry with docker login, you can reuse this configuration directly without doing any changes. The login information is stored in the file ~/.docker/config.json, which you can use to create the authentication secret:
kubectl create secret generic regcred \
--from-file=.dockerconfigjson=<path/to/.docker/config.json> \
--type=kubernetes.io/dockerconfigjson
This creates a Secret called regcred that you can use to pull private images. Be aware that this file contains all logins to registries you have authenticated to.
Creating an auth secret from kubectl
As an alternative to reusing a local docker login config file, you can create an authentication secret for a container registry directly from kubernetes using kubectl:
kubectl create secret docker-registry regcred \
--docker-server=<your-registry-server> \
--docker-username=<your-username> \
--docker-password=<your-password> \
--docker-email=<your-email>
This approach should also have created a Secret named regcred.
Checking the authentication secret
To ensure the previous steps worked properly, you can inspect the secret and ensure the data is correct:
kubectl describe secret regcred
Should produce output similar to this:
Name: regcred
Namespace: default
Labels: <none>
Annotations: <none>
Type: kubernetes.io/dockerconfigjson
Data
====
.dockerconfigjson: 135 bytes
To check if the login information is correct, you can use print a decoded JSON version of it:
kubectl get secret regcred --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
Deploying an image from a private registry
Now that authentication has been set up, a Pod can use the regcred Secret to authenticate by supplying it's name under the imagePullSecrets yaml key:
apiVersion: v1
kind: Pod
metadata:
name: my-private-pod
spec:
containers:
- name: my-private-container
image: <my-private-image>
imagePullSecrets:
- name: regcred
The regcred Secret can be reused for any number of pods and images. If you need multiple logins to different (or even the same) container registry, make sure to change the names accordingly to prevent conflicts.