How can you use a private gitlab container registry to pull an image in kubernetes?

Question

I have a private docker registry hosted on gitlab and I would like to use this repository to pull images for my local kubernetes cluster:

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   68m

K8s is on v1.22.5 and is a single-node cluster that comes 'out of the box' with Docker Desktop. I have already built and deployed an image to the gitlab container registry registry.gitlab.com. What I have done already:

1. Executed the command docker login -u <username> -p <password> registry.gitlab.com
2. Modified the ~/.docker/config.json file to the following:

   {
       "auths": {
           "registry.gitlab.com": {}
       },
       "credsStore": "osxkeychain"
   }
   

3. Created and deployed a secret to the cluster with the file:

   apiVersion: v1
   kind: Secret
   metadata:
     name: registry-key
   data:
     .dockerconfigjson: <base-64-encoded-.config.json-file>
   type: kubernetes.io/dockerconfigjson
   

4. Deployed an app with the following file:

   apiVersion: apps/v1
   kind: Deployment
   metadata:
     name: test-deployment 
     labels:
       app: test-app
   spec:
     replicas: 1
     selector:
       matchLabels:
         app: test-app
     template:
       metadata:
         labels:
           app: test-app
       spec:
         imagePullSecrets:
         - name: registry-key
         containers:
         - name: test-app
           image: registry.gitlab.com/<image-name>:latest
           imagePullPolicy: Always
           ports:
           - containerPort: 80
   

---

The deployment is created successfully but upon inspection of the pod (kubectl describe pod) I find the following events:

Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  21s               default-scheduler  Successfully assigned default/test-deployment-87b5747b5-xdsl9 to docker-desktop
  Normal   BackOff    19s               kubelet            Back-off pulling image "registry.gitlab.com/<image-name>:latest"
  Warning  Failed     19s               kubelet            Error: ImagePullBackOff
  Normal   Pulling    7s (x2 over 20s)  kubelet            Pulling image "registry.gitlab.com/<image-name>:latest"
  Warning  Failed     7s (x2 over 19s)  kubelet            Failed to pull image "registry.gitlab.com/<image-name>:latest": rpc error: code = Unknown desc = Error response from daemon: Head "https://registry.gitlab.com/v2/<image-name>/manifests/latest": denied: access forbidden
  Warning  Failed     7s (x2 over 19s)  kubelet            Error: ErrImagePull

---

Please provide any information that might be causing these errors.

Answer 1

I managed to solve the issue by editing the default config.json produced by $ docker login:

{
    "auths": {
        "registry.gitlab.com": {}
    },
    "credsStore": "osxkeychain"
}

becomes

{
    "auths": {
        "registry.gitlab.com": {
            "auth":"<access-token-in-plain-text>"
        }
    }
}

Thanks Bala for suggesting this in the comments. I realise storing the access token in plain text in the file may not be secure but this can be changed to use a path if needed.

I also created the secret as per OzzieFZI's suggestion:

$ kubectl create secret docker-registry registry-key \
  --docker-server=registry.gitlab.com \
  --docker-username=<username> \
  --docker-password="$(cat /path/to/token.txt)"