How to use Kubernetes Secret to pull private Docker Images from DockerHub

3 min readMar 19, 2023

In this article, you will learn how we pull the private docker image from DockerHub using Kubernetes Secret and create a Kubernetes Pod from the docker private image.

Docker Hub:

Docker Hub is a hosted repository service provided by Docker for finding and sharing container images with your team. Key features include Private Repositories: Push and pull container images. Automated Builds: Automatically build container images from GitHub and Bitbucket and push them to Docker Hub.

Kubernetes Secrets:

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code.


To use a secret to pull a private image from a container registry, you can create a “imagePullSecrets” field in your deployment or pod YAML file. Here’s an example:

Step1: Create a secret

kubectl create secret docker-registry my-registry-secret \
— docker-username=DOCKER_USER \
— docker-password=DOCKER_PASSWORD \
— docker-email=DOCKER_EMAIL

Replace the DOCKER_REGISTRY_SERVER, DOCKER_USER, DOCKER_PASSWORD, and DOCKER_EMAIL with your container registry server address, username, password, and email respectively.

My secret screenshot
Created secret

Step2: My Dockerhub account, where I have my private docker image

Screenshot of my Dockerhub account

Step3: Create a deployment file with “imagePullSecrets”

Modify your deployment or pod YAML file to include the imagePullSecrets field:

Here I am pulling my own private Docker Image from Docker Hub

In this example, we added the imagePullSecrets field to the deployment YAML file, and set the value to the name of the secret we created in step 1 (my-registry-secret). Kubernetes will use this secret to authenticate with the container registry when pulling the private-registry/my-image image.

When you apply the modified YAML file to your cluster, Kubernetes will use the specified secret to authenticate with the container registry and pull the private image.

Step4: Final result

For this article I am using “minikube” cluster, so you can see that before creating the deployment we don’t have the docker image “usm87/jenkins-cicd-maven-project:v4”

After creating the deployment, below are the Pod event logs

Now you can see we have the docker image “usm87/jenkins-cicd-maven-project:v4” pulled from the docker hub successfully.

Github repo for the code:

I hope you enjoyed reading this article, please feel free to contact me Syedusmanahmad if you have any questions.

Please feel free to write @ | Linkedin for any queries on AWS/DevOps & stay tuned for the next write-up.

If this post was helpful, please click the clap 👏 button below a few times to show your support for the author 👇




AWS & DevOps Architect | Linux, Docker, Kubernetes, Terraform, Jenkins, Git&GitHub, Ansible expert