Kubernetes Custom and Private Docker Registries

What Will I Learn From This?

How to pull Docker images from a custom private Docker Registry.

Using a Custom Registry

Kubernetes allows you to pull docker images from a custom registry simply by providing the URL as part of the image name. Here is part of the container spec for my Telegram chatbot MAWBot:

spec:
  containers:
    - name: mawbot
      image: registry.gitlab.com/helm108/mawbot:0.4
      ports:
        - containerPort: 8080

The key part there is the URL in the image name.

Using a Private Registry

In order to use a private registry you need to provide authentication details. Kubernetes has a docker-registry secret type (docs here) for this exact purpose.

kubectl create secret docker-registry gitlab-registry \
  --docker-email="terrarum@gmail.com" \
  --docker-username="terrarum" \
  --docker-server="https://registry.gitlab.com/" \
  --docker-password="${docker_registry_password}"

The format for the first line is:

kubectl create secret - base command
docker-registry - secret type
gitlab-registry - name of secret, could be anything

Your password will either be your actual password, or if you use 2FA you’ll need to create and use a Personal Access Token - see the note in the official documentation for more information.

You’ll then need to tell your deployment to use this secret when pulling the image with imagePullSecrets. If I made MAWBot private it would look like this:

spec:
  containers:
    - name: mawbot
      image: registry.gitlab.com/helm108/mawbot:0.4
      ports:
        - containerPort: 8080
  imagePullSecrets:
    - name: gitlab-registry

Note that the value for name is the name defined in the kubectl create secret command above.

Your Kubernetes cluster will now be able to pull Docker images from your private repo.
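
What the kubectl create secret docker-registry command above stores, rebuilt offline as an added example (not code from the original post): a Secret of type kubernetes.io/dockerconfigjson whose payload is base64-encoded, not encrypted, so anyone who can read the Secret can recover the registry credentials. The function names, the user name and the token are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: rebuilds the Secret that `kubectl create secret docker-registry`
# produces, then decodes it again. Runs offline; no cluster or kubectl needed.

b64() { base64 | tr -d '\n'; }   # single-line base64 output

# Escape backslashes and double quotes so values are safe inside JSON strings.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# dockerconfigjson SERVER USER PASSWORD EMAIL -> the JSON payload of the secret
dockerconfigjson() {
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$(json_escape "$4")" "$(printf '%s:%s' "$2" "$3" | b64)"
}

# registry_secret_manifest NAME SERVER USER PASSWORD EMAIL -> Secret manifest (YAML)
registry_secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(dockerconfigjson "$2" "$3" "$4" "$5" | b64)
EOF
}

# recover_credentials: reads a Secret manifest on stdin, prints "user:password".
# Two base64 decodes are all that stand between the manifest and the credential.
recover_credentials() {
  sed -n 's/^ *\.dockerconfigjson: *//p' | base64 -d |
    sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Constructed sample values; the token is a placeholder, not a real credential.
demo() {
  registry_secret_manifest gitlab-registry https://registry.gitlab.com/ \
    example-user 'EXAMPLE-TOKEN-not-real' user@example.com
}

demo                              # the manifest, as it would be stored
demo | recover_credentials; echo  # the credential read back out of it
```

Read access to Secrets in the namespace is therefore equivalent to holding the registry credential, so scope RBAC on Secrets and the permissions of the Personal Access Token accordingly.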