How to deploy images from a private registry on Kubernetes.

One of the first things I wondered when I started working with Kubernetes was; how to deploy images from a private registry.

Most examples on tutorials, use a public image from docker hub to show you how to create a deployment, but when you work in a company that has a private registry, you will need a way to be authenticated.

And that way is to use a secret.

In this post, I’m going to explain how to do it using the registries given by GitHub and GitLab.

Creating an authentication token.

The first step would be to create an authentication token to get access to your registry.

Github.

For Github go to Account Settings → Developer Settings → Personal access tokens and click on Generate new token.

Create a new token (you can set it to expire or not depending on your needs).

Check read_packages.

Copy the generated token. We will use it later on our secret.

GitLab.

For GitLab go to User Settings → Access Tokens and create a token giving it a name and check on read_registry.

Copy the generated token. We will use it later on our secret.

Create the secret.

Now use kubectl to create your secret:

kubectl create secret docker-registry [SECRET_NAME] \
 --docker-server=[SERVICE_REGISTRY] \ 
 --docker-username=[USERNAME] \
 --docker-password=[TOKEN] \
 --docker-email=[EMAIL]

Where:

[SECRET_NAME] is the name of your secret and you will use it later in the deployment, for example; mysecret.
[SERVICE_REGISTRY] is your registry domain.
- For GitHub: ghcr.io
- For GitLab: registry.gitlab.com

For example:

kubectl create secret docker-registry mysecret \
 --docker-server=ghcr.io \ 
 --docker-username=myusername \
 --docker-password=[TOKEN] \
 --docker-email=myusername@mail.com

Configure your deployment.

Now you can add the section imagePullSecrets in your deployment.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydeployment
spec:
  ...
    spec:
      imagePullSecrets:
        - name: mysecret
      containers:
        - image: ghcr.io/myusername/myproject:latest
    ...

Pay special attention to:

imagePullSecrets:
        - name: mysecret

And that’s it, your deployment will be authenticated and download your container’s image to create your pods.

Please let me a comment and tell me if this was useful for you.

Thank you.

raag's blog