using secret to pull image from private docker registry

[mfanjie]

From one of your machine, run docker loginhttps://docker.io/v1 Check docker config file by echo $(sudo cat .docker/config.json) { "auths": { "https://docker.io/v1/": { "auth": “yourpassphrase", "email": "email@ebay.com" } } } Copy the red part to a file, please do not use echo, if will omit the “” which is required. cat config.json { "https://docker.io/v1/": { "auth": "yourpassphrase", "email": "email@ebay.com" } } Create secret by cat config.json | base64 -w 0 Your-base-64-digest-for-docker-registry-credentials Create kubernetes secret apiVersion: v1 kind: Secret metadata: name: myregistrykey data: .dockercfg: Your-base-64-digest-for-docker-registry-credentials type: kubernetes.io/dockercfg Create your pod and specify secret cat foo.yaml apiVersion: v1 kind: Pod metadata: name: foo spec: containers:

• name: foo image: https://docker.io/v1/myimage imagePullSecrets:
• name: myregistrykey Check your pod kubectl get pods foo 1/1 Running 0 9m

[mfanjie]

two tricky points:

1. the docker config.json format has been changed by newer docker verion, and the kubernetes document did not update accordingly. The auths wrapper is not required, and you need only get base64 of the content.
2. remember to encode the content with "", do not use echo, as echo will omit the "", remember to run base64 --decode to check if the encoded content is correct.
3. in K8s 1.2, the secret creation can be created directly by kubectl create secret with url, email,password specified