I have a Kubernetes cluster setup with K3s and I want to pull from the registry located at hub.docker.com. This is no problem when trying to pull public images, but when I am trying to pull the private images from hub.docker.com. It can't find them.
I already tried and create a secret regcred
with my Docker login information (see here) and added it with the imagePullSecrets
. But that doesn't seem to work.
How can I tell my K3s cluster to authenticate with the private part of hub.docker.com allowing me to pull private images in a Deployment?
Thanks
Here is my full manifest:
apiVersion: v1
kind: Namespace
metadata:
name: example
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: example
namespace: example
spec:
replicas: 2
selector:
matchLabels:
app: example
template:
metadata:
labels:
app: example
spec:
containers:
- name: example
image: example/example:latest
ports:
- containerPort: 80
imagePullPolicy: Always
imagePullSecrets:
- name: regcred
---
apiVersion: v1
kind: Service
metadata:
name: example
namespace: example
spec:
ports:
- port: 80
targetPort: 80
name: tcp
selector:
app: example
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example
namespace: example
annotations:
kubernetes.io/ingress.class: "traefik"
kubernetes.io/tls-acme: "true"
ingress.kubernetes.io/ssl-redirect: "true"
ingress.kubernetes.io/ssl-temporary-redirect: "true"
ingress.kubernetes.io/ssl-host: "example.com"
traefik.frontend.rule.type: PathPrefixStrip
traefik.ingress.kubernetes.io/redirect-regex: "^https://example.com(.*)"
traefik.ingress.kubernetes.io/redirect-replacement: "https://www.example.com/$1"
spec:
rules:
- host: "example.com"
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: example
port:
number: 80
- host: "www.example.com"
http:
paths:
- path: /
pathType: ImplementationSpecific
backend:
service:
name: example
port:
number: 80
Regcred is looking like this:
{"auths":{"https://index.docker.io/v1/":{"username":"example","password":"secret","email":"[email protected]","auth":"dm...g5"}}}%
Pod status:
NAME READY STATUS RESTARTS AGE
example-688b97d5d7-q9ngl 0/1 ImagePullBackOff 0 101s
When running the command kubectl describe pod example-688b97d5d7-q9ngl
gives me:
Failed to pull image "example/example:latest": rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/example/example:latest": failed to resolve reference "docker.io/example/example:latest": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
Thanks for all the help everyone. The problem was that I didn't create the regcred
secret for the specific namespace. When I did that, everything worked instantly.