How to use Kubernetes Secret to pull private Docker Images from DockerHub
In this article, you will learn how we pull the private docker image from DockerHub using Kubernetes Secret and create a Kubernetes Pod from the docker private image.
Docker Hub:
Docker Hub is a hosted repository service provided by Docker for finding and sharing container images with your team. Key features include Private Repositories: Push and pull container images. Automated Builds: Automatically build container images from GitHub and Bitbucket and push them to Docker Hub.
Kubernetes Secrets:
A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code.
Example:
To use a secret to pull a private image from a container registry, you can create a “imagePullSecrets” field in your deployment or pod YAML file. Here’s an example:
Step1: Create a secret
kubectl create secret docker-registry my-registry-secret \
— docker-username=DOCKER_USER \
— docker-password=DOCKER_PASSWORD \
— docker-email=DOCKER_EMAIL
Replace the DOCKER_REGISTRY_SERVER
, DOCKER_USER
, DOCKER_PASSWORD
, and DOCKER_EMAIL
with your container registry server address, username, password, and email respectively.
Step2: My Dockerhub account, where I have my private docker image
Step3: Create a deployment file with “imagePullSecrets”
Modify your deployment or pod YAML file to include the imagePullSecrets
field:
In this example, we added the imagePullSecrets
field to the deployment YAML file, and set the value to the name of the secret we created in step 1 (my-registry-secret
). Kubernetes will use this secret to authenticate with the container registry when pulling the private-registry/my-image
image.
When you apply the modified YAML file to your cluster, Kubernetes will use the specified secret to authenticate with the container registry and pull the private image.
Step4: Final result
For this article I am using “minikube” cluster, so you can see that before creating the deployment we don’t have the docker image “usm87/jenkins-cicd-maven-project:v4”
After creating the deployment, below are the Pod event logs
Now you can see we have the docker image “usm87/jenkins-cicd-maven-project:v4” pulled from the docker hub successfully.
Github repo for the code: https://github.com/lbistech/kubernetes
I hope you enjoyed reading this article, please feel free to contact me Syedusmanahmad if you have any questions.
Please feel free to write @ engr.syedusmanahmad@gmail.com | Linkedin https://www.linkedin.com/in/engrusman-ahmad for any queries on AWS/DevOps & stay tuned for the next write-up.
If this post was helpful, please click the clap 👏 button below a few times to show your support for the author 👇