By some reason Kubernetes cannot pull an image from my private account on Docker Hub. I tried all possible ways of creating a secret (from config.json, by providing credentials directly on command line) but still no success.
Last time I did docker login
and executed the following command to create the secret:
kubectl create secret docker-registry dockerhub-credentials --from-file=.dockerconfigjson=/home/myuser/.docker/config.json
Also tried the following command (which is same but I thought there might be a bug in kubectl
that doesn't recognize parameters correctly:
kubectl create secret generic dockerhub-credentials --from-file=.dockerconfigjson=/home/myuser/.docker/config.json --type=kubernetes.io/dockerconfigjson
After the deployment I can see the following in the pod's YAML file:
spec:
volumes:
...
containers:
- name: container-name
image: 'username/projects:web_api_123'
ports:
- containerPort: 80
protocol: TCP
...
imagePullPolicy: IfNotPresent
...
imagePullSecrets:
- name: dockerhub-credentials
An image name is correct (I verified) and a secret with Docker Hub credentials was correctly assigned to my POD. I even patched default service account! But it still doesn't work.
OK, the problem lies in namespaces: all my deployments, pods, services, etc. live inside a separate namespace BUT command that creates a secret does in 'default' namespace.
By some reason, I thought that these secrets in 'default' namespace are visible from another namespace, which is not the case. So, if you want to create a docker config secret, you will have to do it using YAML:
kind: Secret
apiVersion: v1
metadata:
name: dockerhub-credentials
namespace: your-namespace
data:
.dockerconfigjson: base64-encoded-/.docker/config.json
type: kubernetes.io/dockerconfigjson