Pull Image from Private Docker Registry in Kubernetes cluster | Demo

► CLI Commands and YAML Files for this video: https://gitlab.com/nanuchi/kubernetes-tutorial-series-youtube/-/tree/master/pull-images-from-private-reporsitory-in-k8s
► Demo Nodejs app: https://gitlab.com/nanuchi/techworld-js-docker-demo-app

▬▬▬▬▬▬ T I M E S T A M P S
0:00 – Intro – common workflow
1:11 – Steps to pull image from private registry
1:40 – Environment Setup: Private Registry, Application, Minikube
2:42 – Login to AWS Container Repository | docker login and create docker config.json file
8:20 – Create Secret component
15:45 – Configure Deployment component
20:51 – Summary

👉🏼 For any questions/issues/feedback, please leave me a comment and I will get back to you as soon as possible.
Please don't forget to subscribe and give me a thumbs up if you liked my video 😊🙏

I am getting an error in k8s cluster saying the "Container image "image/name:v1" already present on machine. How can I delete that image ?

I am stucked at minute 7:26 when you run the docker login command from within Minikube (after you do minikube ssh). I am not using an AWS registry but rather a Nexus OSS in my host machine on port 8082. When I run the docker login command from within minikube as follows:
docker login host.minikube.internal:8082
hit enter and in the prompt for user name and password I enter those I get the following error:
Error response from daemon: Get "https://host.minikube.internal:8082/v2/": http server gave http response to HTTPS client.

I have tried starting my minikube with (and different version of that with http:// in front):
minikube start –driver=docker –insecure-registry=host.minikube.internal:8082

and I still get the same error. It is really frustrating.

Anyone know how do I get passed that?

Does the login password have a TTL?

Thank you Nana that was really very helpful.

Have you got a video about how to pull an image from a public registry?

Hello @nana, can i download a images from one private docker registry as tar bundle and push it to another private registry with rest api or curl ?
can you pls support here

After docker pull from a registry, how do we use the image on the local machine in k8s deployment file. IamgePullPolicy = never did not work

Big fan of your channel and I recommend it to everyone.

Your instructions for this are good, but how does this all change when not using Docker for the runtime (the supported containerd for example)? I've been having a heck of a time trying to find comparable instructions for ECR and containerd.

Nice one nana another top delivery from you as always, please would love to see you do videos on how to ensure security of containerized apps in kubernetes and how to optimized kubernetes cluster operations, thanks please keep up the good work

Thanks a lot for sharing your valuable knowledge 🙏

thank you for this video, it helped me a lot with some errors i had and was unable to fix them till i watched and followed your instructions. Thank you again.

This was great help!

i love your tutorials!

Hi Nana,

I am trying to create deployment with following content

deployment_file.yaml
——————————–
apiVersion: apps/v1

kind: Deployment

metadata:

name: flask-deployment

labels:

app: flask

spec:

replicas: 1

selector:

matchLabels:

app: flask

template:

metadata:

labels:

app: flask

spec:

containers:

– name: flask

image: flask-app:v1

ports:

– containerPort: 81

imagePullSecrets:

– name: regcred

And Docker ps command is giving following ouput

Output:
————
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

9c3afb3ad019 flask-app "python3.6 /app/Flas…" 4 weeks ago Up 4 weeks 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp jolly_dubinsky

When i am trying to create deployment, deployment command is working fine, but image pull is failing,
i got the below image from
Command:
——————
kubectl logs <pod-name>

Output:
———-
Error from server (BadRequest): container "flask" in pod "flask-deployment-5ccdbd96d6-p2dnb" is waiting to start: image can't be pulled

I am new to kubernetes, kindly help me on this blocker

Your videos really help! Thanks Nana

What a perfect explanation! I'm learning how to use k8s and docker right now and this video helped me a lot! Thank you!

Many Thanks for creating the video..though this is bit complicated. Still nice explanation.

Is this somehow the command is changed. I couldn't find the "get-login" from ecr command, just get-login-password.

Thanks.. Clear explanation

instead of pull, can we make a push? basically automatic deployment on code push. is it good practice? if yes, then how to trigger k8 for pull?
My guess: runner script should login in k8 and perform apply command. Nana, what you think?

this is way more complex that I tought

Kubectl create deployment –image=xxxxx (how can i put secret here by command line ?)

You know that you are the light in the dark!

What a great explanation, subscribed already!!

Please make video to upgrade certificate in k8s cluster

What about local docker registry on your local machine. I mean if you spin up a registry:2 container for example that will act as your private local registry. The same steps apply?
Thanks

Thank you.

Hi Nana,your videos are great and easy to follow. Is there any video on how to deploy mongoDB statefulset ?

Thank you for this amazing video

Continue to be that wonderful person. Thank you very much for sharing the knowledge 😀

The dockerconfigjson expires every 12 hours, how should we make changes in the secrets so that the we can create deployment without making any changes?

I merged this with Ansible and it worked like a charm! Thank you for saving my week!

Hello Nana, How Kubernetes pull the images from private local docker registry. Could please comment on the same how can we achieve this using private local docker registry in Kubernetes cluster.

Link for setting up private registry: https://docs.docker.com/registry/

NOTE: Not on Mimikube

Hi Nana,
Excellent tutorials. Thank you.

I've created a Private Registry for my local development using Docker's Image :
"docker run -d -p 5000:5000 –restart=always –name registry registry:2"

I did not create TLS or UserName/Pwdd for this.
After creating an Image, I am able to push/pull from this Registry using cmd-line.

However, when trying using a Deployment.yaml into minikube, the Pods are not getting created.
and I get this error:

Failed to pull image "<image-name>": rpc error: code = Unknown desc = Error response from daemon: Get https://<my-registry>/v2/: http: server gave HTTP response to HTTPS client

Do I have to create TLC and Username/Pwd for this to work ?

Thanks.

Please can you make videos on harbor?

You are amazing! thanks to this video I was able to make the gitlab private registry work with the config.json method.
Thank you

Thanks for the great video! This does seem like an overly complicated process in general. But thank you for making this.

And with Podman?

i did exactly the same and i'm getting this error when i describe the pod:

Failed to pull image "registry.gitlab.com/###/###:master": rpc error: code = Unknown desc = Error response from daemon: Get https://registry.gitlab.com/……" denied: access forbidden

i created a GitLab "Deploy token" then created a Secret using your 2nd method (one line way.) , when i use same token in simple Minkube's docker login , i m able to pull the image normally. but when i use kubectl, it's not able to pull it and getting "access forbidden" error.
Ps: everything in same namespace

Nana, just to let you know:

I was facing an issue when trying to pull a image from a private dockerhub repo. I did this in an Openshift 4.3 cluster (not mine, it is a private cluster from the company I work for) exactly how you showed in the video and it works fine! Fun fact: I found your video without even looking for it haha.

I'm already subscribed, I won't dare to miss a video from now on!

Amazing content as always. How do you deal with the case that the ECR logging typically expires after N hours. What’s the recommended practice in that case. Run a cron to update the configmap?

Hello. How will I make Kubernetes automatically pull an image from the private repository if there has been a new image available? 😊 thanks in advance.

how to configure certificates in minikube x509: certificate signed by unknown authority

your videos are awesome…!!!! keep doing the good work …….please add some more videos on kubernetes

Nice subscribed

Can we assign one secret for pulling images in all namesapces ?

Hey nana, found a typo in your git repo with cli commands. Here is the issue https://gitlab.com/nanuchi/kubernetes-tutorial-series-youtube/-/issues/1. Please look into it.

Your videos are great!

I have a issue… I have three Ubuntu servers and I have 12 microservices. One server I created 4 services. One server one compose I configured four services.. I run I'm able register eureka all servixes… Zull gateway I can able to access fst servers but remaining I'm not able to access based on serviceId… Can I tell me where I done mistake