image: docker.io/nginx/nginxHere
- docker.io - Registry by default
- nginx - user account
- nginx - image repository
Other registries examples
- gcr.io/
- Create a secret
$ kubectl create secret docker-registry regcred \
--docker-server=private-registry.io \
--docker-username=registry-user \
--docker-password=registry-password \
--docker-email=registry-user@org.comapiVersion: v1
kind: Pod
metadata:
name: nginx-pod
spec:
containers:
- name: nginx
image: private-registry.io/apps/internal-app
imagePullSecrets:
- name: regcredWe have an application running on our cluster. Let us explore it first. What image is the application using?
controlplane $ kubectl describe deployment web | egrep -i image
Image: nginx:alpineWe decided to use a modified version of the application from an internal private registry. Update the image of the deployment to use a new image from myprivateregistry.com:5000
- The registry is located at myprivateregistry.com:5000. Don't worry about the credentials for now. We will configure them in the upcoming steps.
controlplane $ cat dep.yaml | egrep -i image | egrep -v "f:|If"
- image: myprivateregistry.com:5000/nginx:alpinecontrolplane $ kubectl get pods
NAME READY STATUS RESTARTS AGE
web-85fcf65896-9xjkh 0/1 ImagePullBackOff 0 86sName: private-reg-cred
Username: dock_user
Password: dock_password
Server: myprivateregistry.com:5000
Email: dock_user@myprivateregistry.com
$ kubectl create secret docker-registry private-reg-cred --docker-username=dock_user --docker-password=dock_password --docker-server=myprivateregistry.com:5000 --docker-email=dock_user@myprivateregistry.comConfigure the deployment to use credentials from the new secret to pull images from the private registry
controlplane $ cat dep.yaml | egrep -i imagePullSecrets: -A 2 -B 6
- image: myprivateregistry.com:5000/nginx:alpine
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
imagePullSecrets:
- name: private-reg-cred
dnsPolicy: ClusterFirst