# How to deploy images from a private registry on Kubernetes.

One of the first things I wondered when I started working with Kubernetes was; how to deploy images from a private registry.

Most examples on tutorials, use a public image from `docker hub` to show you how to create a deployment, but when you work in a company that has a private registry, you will need a way to be authenticated.

And that way is to use a `secret`.

In this post, I’m going to explain how to do it using the registries given by GitHub and GitLab.

## Creating an authentication token.

The first step would be to create an authentication token to get access to your registry.

### Github.

For Github go to `Account Settings` → `Developer Settings` → `Personal access tokens` and click on `Generate new token`.

Create a new token (you can set it to expire or not depending on your needs).

Check `read_packages`.

Copy the generated token. We will use it later on our `secret`.

### GitLab.

For GitLab go to `User Settings` → `Access Tokens` and create a token giving it a name and check on `read_registry`.

Copy the generated token. We will use it later on our `secret`.

## Create the secret.

Now use kubectl to create your secret:

```bash
kubectl create secret docker-registry [SECRET_NAME] \
 --docker-server=[SERVICE_REGISTRY] \ 
 --docker-username=[USERNAME] \
 --docker-password=[TOKEN] \
 --docker-email=[EMAIL]
```

**Where:**

* \[SECRET\_NAME\] is the name of your secret and you will use it later in the deployment, for example; **mysecret**.
    
* \[SERVICE\_REGISTRY\] is your registry domain.
    
    * For GitHub: [**ghcr.io**](http://ghcr.io)
        
    * For GitLab: [**registry.gitlab.com**](http://registry.gitlab.com)
        

For example:

```bash
kubectl create secret docker-registry mysecret \
 --docker-server=ghcr.io \ 
 --docker-username=myusername \
 --docker-password=[TOKEN] \
 --docker-email=myusername@mail.com
```

## Configure your deployment.

Now you can add the section `imagePullSecrets` in your deployment.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mydeployment
spec:
  ...
    spec:
      imagePullSecrets:
        - name: mysecret
      containers:
        - image: ghcr.io/myusername/myproject:latest
	...
```

Pay special attention to:

```yaml
imagePullSecrets:
        - name: mysecret
```

And that’s it, your deployment will be authenticated and download your container’s image to create your pods.

Please let me a comment and tell me if this was useful for you.

Thank you.