Why can't my kubernetes cluster in GKE pull from gcr.io?

3/6/2019

As part of my deployment process, I create a cluster, I log in to gcr.io, and I publish images there.

My pods fail to deploy because the images used by the containers cannot be accessed. They are definitely there. What's confusing me is, what service account is the Kubernetes cluster using to access gcr.io? I would have thought it's the same one that I use to create the cluster, which should have access rights to gcr.io.

How do I see what service account my cluster uses? How do I grant permission for it to access gcr.io?

-- Andy
google-container-registry
google-kubernetes-engine

1 Answer

3/6/2019

If you want to add private repo access to a service account, use this guide. You will need to create a registry credential secret and patch the correct service account with it:

kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "myregistrykey"}]}'

If you want to add access to a private registry at the Deployment/Pod level, use this guide:

Add the regcred secret:

kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pword> --docker-email=<your-email>

Allow access to your Pod/Deployment:

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: regcred

-- Amityo
Source: StackOverflow
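
The secret and Pod spec from the answer above, worked through as an added example (not part of the original post or of any Kubernetes tooling): it builds the `kubernetes.io/dockerconfigjson` Secret that `kubectl create secret docker-registry` stores, then reports which container images have no credential for their registry in the Pod's `imagePullSecrets`. The helper names, the project and image names, and the host-only matching are assumptions made for illustration; kubelet's own matching also handles paths and wildcards.

```python
import base64
import json

DOCKERCFG = ".dockerconfigjson"


def docker_registry_secret(name, server, username, password, email):
    """Build the Secret object that `kubectl create secret docker-registry` stores."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {server: {"username": username, "password": password,
                              "email": email, "auth": auth}}}
    return {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": name},
            "type": "kubernetes.io/dockerconfigjson",
            "data": {DOCKERCFG: base64.b64encode(json.dumps(cfg).encode()).decode()}}


def image_registry(image):
    """Registry host of an image reference; bare names default to Docker Hub."""
    first = image.split("/", 1)[0]
    if "/" in image and ("." in first or ":" in first or first == "localhost"):
        return first
    return "index.docker.io"


def secret_hosts(secret):
    """Registry hosts a dockerconfigjson Secret holds credentials for."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        return set()
    cfg = json.loads(base64.b64decode(secret["data"][DOCKERCFG]))
    # Simplification (assumption): compare hosts only, ignoring paths and wildcards.
    return {key.split("://", 1)[-1].split("/", 1)[0] for key in cfg.get("auths", {})}


def images_without_credentials(pod, secrets):
    """Images in a Pod spec whose registry no referenced, existing secret covers."""
    hosts = set()
    for ref in pod["spec"].get("imagePullSecrets", []):
        if ref["name"] in secrets:  # a missing secret contributes nothing
            hosts |= secret_hosts(secrets[ref["name"]])
    return [c["image"] for c in pod["spec"]["containers"]
            if image_registry(c["image"]) not in hosts]


# Constructed sample data: project, image names and credentials are made up.
SECRETS = {"regcred": docker_registry_secret(
    "regcred", "https://gcr.io", "example-user", "example-password", "dev@example.com")}
POD = {"apiVersion": "v1", "kind": "Pod", "metadata": {"name": "private-reg"},
       "spec": {"containers": [
           {"name": "app", "image": "gcr.io/example-project/app:1.0"},
           {"name": "sidecar", "image": "eu.gcr.io/example-project/sidecar:1.0"}],
           "imagePullSecrets": [{"name": "regcred"}]}}

if __name__ == "__main__":
    print(images_without_credentials(POD, SECRETS))
```

In the constructed data the secret is keyed to `gcr.io`, so the image hosted on `eu.gcr.io` is the one reported as lacking a credential.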