K
Q

How to deploy private organization image from docker hub to kubernetes

3/5/2019

Current Situation

I have a Kubernetes cluster created on DigitalOcean. I want to deploy a Docker image that is hosted in a private that in turn belongs to an organization in Docker Hub.

  • Docker Hub organization name (sample): myorg
  • Docker Hub repository name (sample): myorg/mo-server

So in order to push a new image I use docker push myorg/mo-server

(Note: The example above contains a dash (-) in the name of the image which I have in the real name as well)

Problem

When I try to deploy that docker image to kubernetes using kubectl the deployment always ends up in status ErrImagePull. Error message:

ailed to pull image "index.docker.io/myorg/mo-server": rpc error: code = Unknown desc = Error response from daemon: pull access denied for myorg/mo-server, repository does not exist or may require 'docker login'

What I tried so far

Because it is a private repository I'm creating a secret beforehand. For this, I'm using the username and E-Mail of myself.

set DOCKER_REGISTRY_SERVER=https://index.docker.io/v1/
set DOCKER_USER=sarensw
set DOCKER_EMAIL=stephan@myorg.com
set DOCKER_PASSWORD=...

The credentials are the same as when I use docker login. Then I create a secret using:

kubectl create secret docker-registry regcred 
  --docker-server=%DOCKER_REGISTRY_SERVER% 
  --docker-username=%DOCKER_USER% 
  --docker-password=%DOCKER_PASSWORD% 
  --docker-email=%DOCKER_EMAIL%

Then, I use kubectl create to create a new deployment.

kubectl create -f ci\helper\kub-deploy-staging.yaml

kub-deploy-staging.yaml looks as follows:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mo-server
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mo-server
  template:
    metadata:
      labels:
        app: mo-server
    spec:
      containers:
        - name: mo-server
          image: index.docker.io/myorg/mo-server
          imagePullPolicy: Always
          command: [ "echo", "SUCCESS" ]
      imagePullSecrets:
        - name: regcred

The result is ErrImagePull as described above.

I'm pretty sure that the image: index.docker.io/myorg/mo-server is the culprit because it is an organization image that I try to use with a normal account. And all the tutorials for accessing a private image do not take organizations into account.

So what am I doing wrong?

(one of many similar) references: https://gist.github.com/rkuzsma/b9a0e342c56479f5e58d654b1341f01e

-- Stephan
docker
dockerhub
kubernetes

Similar Questions

ExternalIP for service is always pending
K8S - Ingress - Route 2 different applications
Kubernetes - Have an ingress on a service - is it ok for its type to be ClusterIP
How do I set up an envoy proxy in Minikube for a gRPC service?
Why ingress-nginx-controller pod always establishes IPv4 TCP connection to endpoint?
Why I can't access my application inside Kubernetes cluster through tomcat server?

2 Answers

3/5/2019

I suspect this happens because of the docker registry variable with which you have created your secret, please try substituting index.docker.io with registry.hub.docker.com as this is the official dockerhub registry URL. If you are using Google cloud you can also try docker.io

-- Sven Hakvoort
Source: StackOverflow
3/5/2019

As I see you are trying to set your variable with "set" command, and please try now with "export" as in mentioned in gist file that you follow

export DOCKER_REGISTRY_SERVER=https://index.docker.io/v1/
export DOCKER_USER=Type your dockerhub username, same as when you `docker login`
export DOCKER_EMAIL=Type your dockerhub email, same as when you `docker login`
export DOCKER_PASSWORD=Type your dockerhub pw, same as when you `docker login`

kubectl create secret docker-registry myregistrykey \
  --docker-server=$DOCKER_REGISTRY_SERVER \
  --docker-username=$DOCKER_USER \
  --docker-password=$DOCKER_PASSWORD \
  --docker-email=$DOCKER_EMAIL

Then try again and let us know the result please.

-- coolinuxoid
Source: StackOverflow