We have a Kubernetes cluster running on-premises and a private GCR repository. How can we access that private repository from my on-premises Kubernetes cluster? As far as I know, we can do it using the gcloud SDK, but it won't be possible to install the gcloud SDK on every node of the Kubernetes cluster.
We used to deploy pods on an Azure AKS cluster, and the images used to be from GCR. These are the steps we followed.
gcloud iam service-accounts keys create gcr-docker-cred.json --iam-account=service-account-name@project-id.iam.gserviceaccount.com
Add kubectl secret.
kubectl create secret docker-registry gcriosecret --docker-server=https://gcr.io --docker-username=_json_key --docker-email=user@example.com --docker-password="$(cat gcr-docker-cred.json)"
Use secret in yaml
imagePullSecrets:
  - name: gcriosecret
This blog might be a good help.
Kubernetes clusters running on GKE or GCE have native support for accessing the container registry and need no further configuration.
Since you mentioned that you are running an on-premises cluster, you are not running either of these and only use the container registry from GCP. So, while I haven't had the chance to test this (I don't have a cluster outside Google Cloud), the process shouldn't be different from the process for pulling an image from a private registry.
In your case you can create a secret with the auth credentials for the gcr.io registry like this:
kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>
your-registry-server in this case will probably be https://gcr.io/[your-project-id]
When you have created the secret named regcred, you can configure pods to use it for pulling the desired image from the registry by adding an imagePullSecrets like this:
apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: [The image you want to pull]
  imagePullSecrets:
  - name: regcred
Then you can test if the image is correctly pulled by deploying this pod:
kubectl create -f [your pod yaml]
Wait for the pod to be created, then describe it with kubectl describe pod private-reg; you should see an event sequence similar to:
Events:
  Type    Reason     Age  From                                                Message
  ----    ------     ---- ----                                                -------
  Normal  Scheduled  4m   default-scheduler                                   Successfully assigned private-reg to gke-cluster-22-default-pool-e7830b6c-pxmt
  Normal  Pulling    4m   kubelet, gke-cluster-22-default-pool-e7830b6c-pxmt  pulling image "gcr.io/XXX/XXX:latest"
  Normal  Pulled     3m   kubelet, gke-cluster-22-default-pool-e7830b6c-pxmt  Successfully pulled image "gcr.io/XXX/XXX:latest"
  Normal  Created    3m   kubelet, gke-cluster-22-default-pool-e7830b6c-pxmt  Created container
  Normal  Started    3m   kubelet, gke-cluster-22-default-pool-e7830b6c-pxmt  Started container
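
The `kubectl create secret docker-registry` commands in both answers produce a Secret of type `kubernetes.io/dockerconfigjson`. As an added example (not from either answer), this Python sketch builds that Secret from a service-account key and decodes it again, showing that the key is stored base64-encoded only; the sample key and the function names `build_pull_secret` and `inspect_pull_secret` are constructed for illustration.

```python
import base64
import json

# Constructed sample key: placeholder values only, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "client_email": "puller@example-project.iam.gserviceaccount.com",
    "private_key": "CONSTRUCTED-NOT-A-REAL-KEY",
})


def build_pull_secret(sa_key_json, name="gcriosecret", namespace="default",
                      server="https://gcr.io"):
    """Return a kubernetes.io/dockerconfigjson Secret manifest as a dict."""
    key = json.loads(sa_key_json)  # fails early on a truncated key file
    if key.get("type") != "service_account" or "private_key" not in key:
        raise ValueError("not a service-account key file")
    username = "_json_key"  # fixed username for JSON-key auth (first answer)
    auth = base64.b64encode(f"{username}:{sa_key_json}".encode()).decode()
    cfg = {"auths": {server: {"username": username,
                              "password": sa_key_json, "auth": auth}}}
    encoded = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret",
            "metadata": {"name": name, "namespace": namespace},
            "type": "kubernetes.io/dockerconfigjson",
            "data": {".dockerconfigjson": encoded}}


def inspect_pull_secret(manifest):
    """Decode a pull secret and report which credential it exposes."""
    cfg = json.loads(base64.b64decode(manifest["data"][".dockerconfigjson"]))
    report = {}
    for server, entry in cfg["auths"].items():
        decoded = base64.b64decode(entry["auth"]).decode()
        user, _, password = decoded.partition(":")  # password holds colons too
        key = json.loads(password) if user == "_json_key" else {}
        report[server] = {"username": user,
                          "service_account": key.get("client_email"),
                          "contains_private_key": "private_key" in key}
    return report


if __name__ == "__main__":
    secret = build_pull_secret(SAMPLE_KEY)
    print(json.dumps(secret, indent=2))  # JSON manifest for kubectl apply -f
    print(json.dumps(inspect_pull_secret(secret), indent=2))
```

Anyone who can read Secrets in the namespace recovers the full service-account key this way, so the account behind it should carry pull-only access to the registry and the namespace's Secret read permissions should be kept narrow.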