Configure MicroK8s Containerd to Authenticate with Docker Hub Remote Private Registry

I’ve been working with MicroK8s for a few weeks now, and I have been struggling to configure the cluster to pull my private images from Docker Hub. Posting a quick walkthrough to help others.

MicroK8s uses containerd to manage the fetching of images, and this has not been integrated with K8s such that you can create the usual docker-registry secret to configure registry authentication. To configure containerd, you will need to modify the containerd.toml file to include the auth token from your local Docker configuration. You can also configure the username and password directly in the file, but I would recommend using the auth token as a more secure way to go.

First, if you haven’t already done so, log in to your Docker account using the Docker CLI. This will insert your authentication token into the ~/.docker/config.json file in your home directory. It should look something like the following. The auth token is the value associated with the “auth” key. You’ll need the auth token in the next step to configure containerd.

    "auths": {
        "https://index.docker.io/v1/": {
            "auth": "bWF3dDQwNDp7HE0zYlxOUjkjWCSwNTk="
        }
    }...

This part needs to be performed on each node in the cluster. Find the containerd configuration file at /var/snap/microk8s/current/args/containerd-template.toml. Add the following lines to the end of the file, but be sure to swap out your auth token before doing so.

    [plugins."io.containerd.grpc.v1.cri".registry.configs]
      [plugins."io.containerd.grpc.v1.cri".registry.configs."docker.io".auth]
        auth = "PASTE_AUTH_TOKEN_HERE"

Now you can pull private images from your Docker Hub repo. Happy container building!
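
The two steps above as a script, added here as an example and not part of the original walkthrough: it reads the token from a Docker config, decodes it to show that the value is base64 of `username:secret` (so the TOML file then holds the credential itself), and renders the lines to append. The function names and the sample config are constructed for illustration; `credsStore` and `credHelpers` are the Docker config keys that indicate the token is kept in a credential helper instead of config.json.

```python
import base64
import json

DOCKER_HUB_KEY = "https://index.docker.io/v1/"  # key used in ~/.docker/config.json

# Constructed sample config; the credential is fake and built inline.
SAMPLE_TOKEN = base64.b64encode(b"exampleuser:constructed-secret").decode()
SAMPLE_CONFIG = json.dumps({"auths": {DOCKER_HUB_KEY: {"auth": SAMPLE_TOKEN}}})


def extract_auth(config_text, registry=DOCKER_HUB_KEY):
    """Return the auth token for `registry`, or raise with the reason it is absent."""
    config = json.loads(config_text)
    token = config.get("auths", {}).get(registry, {}).get("auth", "")
    if token:
        return token
    if config.get("credsStore") or registry in config.get("credHelpers", {}):
        raise LookupError("credential helper in use; config.json holds no auth token")
    raise LookupError(f"no login recorded for {registry}")


def describe_token(token):
    """Decode the token to show what it contains, masking the secret part."""
    user, sep, secret = base64.b64decode(token, validate=True).decode().partition(":")
    if not sep or not user or not secret:
        raise ValueError("token is not base64(username:secret)")
    return {"username": user, "secret_length": len(secret)}


def render_containerd_auth(token):
    """Build the lines to append to containerd-template.toml on each node."""
    if '"' in token or "\n" in token:
        raise ValueError("token contains characters that would break the TOML string")
    prefix = 'plugins."io.containerd.grpc.v1.cri".registry.configs'
    return (
        f"[{prefix}]\n"
        f'  [{prefix}."docker.io".auth]\n'
        f'    auth = "{token}"\n'
    )


if __name__ == "__main__":
    token = extract_auth(SAMPLE_CONFIG)
    print(describe_token(token))
    print(render_containerd_auth(token))
```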

MicroK8s documentation for reference:

https://github.com/containerd/containerd/blob/main/docs/cri/registry.md
