kubernetes google-kubernetes-engine google-container-registry kubelet

How to access gcloud private repository on on-premise kubernetes cluster?

We are having kubernetes cluster which is running on-premise & we having GCR private repository. So how we can access that private repository to my on-premise kubernetes cluster, As I know we can do using gcloud-sdk but it won't be possible to install gcloud-sdk on every node of kubernetes cluster.

Solution

We used to deploy pods on azure AKS cluster and images used to be from GCR. these are the steps we follow.

Create a service account in gcloud with permissions to gcr.
Create keys for the service account.
Add kubectl secret.
Use secret in yaml

gcloud iam service-accounts keys create gcr-docker-cred.json --iam-account=service-account-name@project-id.iam.gserviceaccount.com

Add kubectl secret.

kubectl create secret docker-registry gcriosecret --docker-server=https://gcr.io --docker-username=_json_key --docker-email=user@example.com --docker-password="$(cat gcr-docker-cred.json)"

Use secret in yaml

imagePullSecrets: - name: gcriosecret

this blog might be a good help