Pull Image from Private Docker Registry in Kubernetes cluster | Demo

49 Comments



This video is a demo of deploying your application image from private docker registry hosted on AWS | Kubernetes pull image from private registry | Kubernetes Docker login

I answer the question of how to get your docker images in your kubernetes cluster from private docker registries?
For images like Mongodb, elastic, that are hosted on docker hub, it’s straightforward because they are hosted in a public repository and anyone can access them. But your own application lives in a private repository and needs explicit access from the cluster. So how do you pull the application images from your private docker repository on kubernetes cluster?

You do that using 2 steps:
1) you create a secret component that contains access token/credentials to your docker registry.
2) you configure your Deployment component to use that secret using a specific imagePullSecrets.
In the video I show you exactly this.

► CLI Commands and YAML Files for this video: https://gitlab.com/nanuchi/kubernetes-tutorial-series-youtube/-/tree/master/pull-images-from-private-reporsitory-in-k8s
► Demo Nodejs app: https://gitlab.com/nanuchi/techworld-js-docker-demo-app

▬▬▬▬▬▬ T I M E S T A M P S
0:00 – Intro – common workflow
1:11 – Steps to pull image from private registry
1:40 – Environment Setup: Private Registry, Application, Minikube
2:42 – Login to AWS Container Repository | docker login and create docker config.json file
8:20 – Create Secret component
15:45 – Configure Deployment component
20:51 – Summary

——————————————————————————————————-
Full Kubernetes and Docker tutorial ► https://bit.ly/2YGeRp9
DevOps Tools, like Ansible ► https://bit.ly/2W9UEq6
Complete K8s Application Setup ► https://youtu.be/EQNO_kM96Mo
Kubernetes Components explained ► https://www.youtube.com/watch?v=Krpb44XR0bk&t=364s

For any questions/issues/feedback, please leave me a comment and I will get back to you as soon as possible. Also please let me know what you want to learn about Docker & Kubernetes or another technology.

#kubernetes #kubernetestutorial #devops #techworldwithnana
——————————————————————————————————-

▬▬▬▬▬▬ Connect with me 👋 ▬▬▬▬▬▬
Join private Facebook group ► https://bit.ly/32UVSZP
Don’t forget to subscribe ► https://bit.ly/3mO4jxT
DEV ► https://bit.ly/3h2fqiO
INSTAGRAM ► https://bit.ly/2F3LXYJ
TWITTER ► https://bit.ly/3i54PUB
LINKEDIN ► https://bit.ly/3hWOLVT

Legal Notice:
Kubernetes and the Kubernetes logo are trademarks or registered trademarks of The Linux Foundation in the United States and/or other countries. The Linux Foundation and other parties may also have trademark rights in other terms used herein. This video is not accredited, certified, affiliated with, nor endorsed by Kubernetes or The Linux Foundation.

source

49 Comments
    • blank
      Prashant
      May 09, 2022 03:06 am Reply

      I am getting an error in k8s cluster saying the "Container image "image/name:v1" already present on machine. How can I delete that image ?

    • blank
      Dario Bcn
      May 09, 2022 03:06 am Reply

      I am stucked at minute 7:26 when you run the docker login command from within Minikube (after you do minikube ssh). I am not using an AWS registry but rather a Nexus OSS in my host machine on port 8082. When I run the docker login command from within minikube as follows:
      docker login host.minikube.internal:8082
      hit enter and in the prompt for user name and password I enter those I get the following error:
      Error response from daemon: Get "https://host.minikube.internal:8082/v2/": http server gave http response to HTTPS client.

      I have tried starting my minikube with (and different version of that with http:// in front):
      minikube start –driver=docker –insecure-registry=host.minikube.internal:8082

      and I still get the same error. It is really frustrating.

      Anyone know how do I get passed that?

    • blank
      Raza Hussain
      May 09, 2022 03:06 am Reply

      Does the login password have a TTL?

    • blank
      Manish Gour
      May 09, 2022 03:06 am Reply

      Thank you Nana that was really very helpful.

    • blank
      Nicole
      May 09, 2022 03:06 am Reply

      Have you got a video about how to pull an image from a public registry?

    • blank
      SP
      May 09, 2022 03:06 am Reply

      Hello @nana, can i download a images from one private docker registry as tar bundle and push it to another private registry with rest api or curl ?
      can you pls support here

    • blank
      Neeraj B V
      May 09, 2022 03:06 am Reply

      After docker pull from a registry, how do we use the image on the local machine in k8s deployment file. IamgePullPolicy = never did not work

    • blank
      Adam Lang
      May 09, 2022 03:06 am Reply

      Big fan of your channel and I recommend it to everyone.

      Your instructions for this are good, but how does this all change when not using Docker for the runtime (the supported containerd for example)? I've been having a heck of a time trying to find comparable instructions for ECR and containerd.

    • blank
      Ayenco Scolfield
      May 09, 2022 03:06 am Reply

      Nice one nana another top delivery from you as always, please would love to see you do videos on how to ensure security of containerized apps in kubernetes and how to optimized kubernetes cluster operations, thanks please keep up the good work

    • blank
      AajKaPlan
      May 09, 2022 03:06 am Reply

      Thanks a lot for sharing your valuable knowledge 🙏

    • blank
      word8word
      May 09, 2022 03:06 am Reply

      thank you for this video, it helped me a lot with some errors i had and was unable to fix them till i watched and followed your instructions. Thank you again.

    • blank
      Tanner Campbell
      May 09, 2022 03:06 am Reply

      This was great help!

    • blank
      Kamal Zakaria
      May 09, 2022 03:06 am Reply

      i love your tutorials!

    • blank
      Pavan kumar
      May 09, 2022 03:06 am Reply

      Hi Nana,

      I am trying to create deployment with following content

      deployment_file.yaml
      ——————————–
      apiVersion: apps/v1

      kind: Deployment

      metadata:

      name: flask-deployment

      labels:

      app: flask

      spec:

      replicas: 1

      selector:

      matchLabels:

      app: flask

      template:

      metadata:

      labels:

      app: flask

      spec:

      containers:

      – name: flask

      image: flask-app:v1

      ports:

      – containerPort: 81

      imagePullSecrets:

      – name: regcred

      And Docker ps command is giving following ouput

      Output:
      ————
      CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

      9c3afb3ad019 flask-app "python3.6 /app/Flas…" 4 weeks ago Up 4 weeks 0.0.0.0:5000->5000/tcp, :::5000->5000/tcp jolly_dubinsky

      When i am trying to create deployment, deployment command is working fine, but image pull is failing,
      i got the below image from
      Command:
      ——————
      kubectl logs <pod-name>

      Output:
      ———-
      Error from server (BadRequest): container "flask" in pod "flask-deployment-5ccdbd96d6-p2dnb" is waiting to start: image can't be pulled

      I am new to kubernetes, kindly help me on this blocker

    • blank
      way2Science
      May 09, 2022 03:06 am Reply

      Your videos really help! Thanks Nana

    • blank
      Anna Araujo
      May 09, 2022 03:06 am Reply

      What a perfect explanation! I'm learning how to use k8s and docker right now and this video helped me a lot! Thank you!

    • blank
      Lakshay Kamboj
      May 09, 2022 03:06 am Reply

      Many Thanks for creating the video..though this is bit complicated. Still nice explanation.

    • blank
      Low Tech
      May 09, 2022 03:06 am Reply

      Is this somehow the command is changed. I couldn't find the "get-login" from ecr command, just get-login-password.

    • blank
      Ramesh Pattipaka
      May 09, 2022 03:06 am Reply

      Thanks.. Clear explanation

    • blank
      Nish
      May 09, 2022 03:06 am Reply

      instead of pull, can we make a push? basically automatic deployment on code push. is it good practice? if yes, then how to trigger k8 for pull?
      My guess: runner script should login in k8 and perform apply command. Nana, what you think?

    • blank
      Bence Dergez
      May 09, 2022 03:06 am Reply

      this is way more complex that I tought

    • blank
      Jacob
      May 09, 2022 03:06 am Reply

      Kubectl create deployment –image=xxxxx (how can i put secret here by command line ?)

    • blank
      Mam moth
      May 09, 2022 03:06 am Reply

      You know that you are the light in the dark!

    • blank
      Hidayat Irnas
      May 09, 2022 03:06 am Reply

      What a great explanation, subscribed already!!

    • blank
      Bhupathi varma
      May 09, 2022 03:06 am Reply

      Please make video to upgrade certificate in k8s cluster

    • blank
      Abdu Chadili
      May 09, 2022 03:06 am Reply

      What about local docker registry on your local machine. I mean if you spin up a registry:2 container for example that will act as your private local registry. The same steps apply?
      Thanks

    • blank
      Eleonora Lindblom
      May 09, 2022 03:06 am Reply

      Thank you.

    • blank
      sunnycool
      May 09, 2022 03:06 am Reply

      Hi Nana,your videos are great and easy to follow. Is there any video on how to deploy mongoDB statefulset ?

    • blank
      Promise Chukwuenyem
      May 09, 2022 03:06 am Reply

      Thank you for this amazing video

    • blank
      Adilson Menechini
      May 09, 2022 03:06 am Reply

      Continue to be that wonderful person. Thank you very much for sharing the knowledge 😀

    • blank
      Shridhar Shah22
      May 09, 2022 03:06 am Reply

      The dockerconfigjson expires every 12 hours, how should we make changes in the secrets so that the we can create deployment without making any changes?

    • blank
      tayfun
      May 09, 2022 03:06 am Reply

      I merged this with Ansible and it worked like a charm! Thank you for saving my week!

    • blank
      Kedarnath Belavanaki
      May 09, 2022 03:06 am Reply

      Hello Nana, How Kubernetes pull the images from private local docker registry. Could please comment on the same how can we achieve this using private local docker registry in Kubernetes cluster.

      Link for setting up private registry: https://docs.docker.com/registry/

      NOTE: Not on Mimikube

    • blank
      Mario Christopher
      May 09, 2022 03:06 am Reply

      Hi Nana,
      Excellent tutorials. Thank you.

      I've created a Private Registry for my local development using Docker's Image :
      "docker run -d -p 5000:5000 –restart=always –name registry registry:2"

      I did not create TLS or UserName/Pwdd for this.
      After creating an Image, I am able to push/pull from this Registry using cmd-line.

      However, when trying using a Deployment.yaml into minikube, the Pods are not getting created.
      and I get this error:

      Failed to pull image "<image-name>": rpc error: code = Unknown desc = Error response from daemon: Get https://<my-registry>/v2/: http: server gave HTTP response to HTTPS client

      Do I have to create TLC and Username/Pwd for this to work ?

      Thanks.

    • blank
      akshay awate
      May 09, 2022 03:06 am Reply

      Please can you make videos on harbor?

    • blank
      Carolina Luz
      May 09, 2022 03:06 am Reply

      You are amazing! thanks to this video I was able to make the gitlab private registry work with the config.json method.
      Thank you

    • blank
      Rob L
      May 09, 2022 03:06 am Reply

      Thanks for the great video! This does seem like an overly complicated process in general. But thank you for making this.

    • blank
      Raoul Mengis
      May 09, 2022 03:06 am Reply

      And with Podman?

    • blank
      Sami Khammar
      May 09, 2022 03:06 am Reply

      i did exactly the same and i'm getting this error when i describe the pod:

      Failed to pull image "registry.gitlab.com/###/###:master": rpc error: code = Unknown desc = Error response from daemon: Get https://registry.gitlab.com/……" denied: access forbidden

      i created a GitLab "Deploy token" then created a Secret using your 2nd method (one line way.) , when i use same token in simple Minkube's docker login , i m able to pull the image normally. but when i use kubectl, it's not able to pull it and getting "access forbidden" error.
      Ps: everything in same namespace

    • blank
      Mário Azevedo
      May 09, 2022 03:06 am Reply

      Nana, just to let you know:

      I was facing an issue when trying to pull a image from a private dockerhub repo. I did this in an Openshift 4.3 cluster (not mine, it is a private cluster from the company I work for) exactly how you showed in the video and it works fine! Fun fact: I found your video without even looking for it haha.

      I'm already subscribed, I won't dare to miss a video from now on!

    • blank
      Amapramaadhy
      May 09, 2022 03:06 am Reply

      Amazing content as always. How do you deal with the case that the ECR logging typically expires after N hours. What’s the recommended practice in that case. Run a cron to update the configmap?

    • blank
      Paolo Polendey
      May 09, 2022 03:06 am Reply

      Hello. How will I make Kubernetes automatically pull an image from the private repository if there has been a new image available? 😊 thanks in advance.

    • blank
      Atul Chahande
      May 09, 2022 03:06 am Reply

      how to configure certificates in minikube x509: certificate signed by unknown authority

    • blank
      Dhaval Shah
      May 09, 2022 03:06 am Reply

      your videos are awesome…!!!! keep doing the good work …….please add some more videos on kubernetes

    • blank
      Adam Dost
      May 09, 2022 03:06 am Reply

      Nice subscribed

    • blank
      Vipin G S
      May 09, 2022 03:06 am Reply

      Can we assign one secret for pulling images in all namesapces ?

    • blank
      Vinodh Reddy
      May 09, 2022 03:06 am Reply

      I have a issue… I have three Ubuntu servers and I have 12 microservices. One server I created 4 services. One server one compose I configured four services.. I run I'm able register eureka all servixes… Zull gateway I can able to access fst servers but remaining I'm not able to access based on serviceId… Can I tell me where I done mistake

Leave us a comment