MicroK8s offers a small and efficient option for running Kubernetes clusters. This is great for software development because it opens up cheap and comparatively easy ways for development teams to bootstrap containerized environments. For example, MicroK8s works well with the Raspberry Pi 4 8Gb model; for more about this, see my post on Building Microk8s Clusters with Raspberry Pi 4 and Solid State Drives.
In this post I will share another method for authenticating to remote private Docker registries. Out of the box, MicroK8s works with Docker Hub and can download public images. But you’ll need to configure authentication if you want to download private images to your local MicroK8s cluster. Please note, this approach differs from the one I wrote about here, which requires updates to the containerd configuration on each k8s node. The outcome is the same; the primary difference is the setup. I like this approach better because I only need to import the secret once, from any node, and it auto-replicates to all nodes.
At a high level, this is done in three steps:
- Log in to the Docker CLI
- Generate the Kubernetes secret from the Docker authentication token
- Update the Kubernetes deployment YAML to reference the secret
First, using the Docker CLI, run the “docker login” command and provide the desired credentials. This creates a file at ~/.docker/config.json which contains the associated authentication token.
Next, copy the config.json file to the host where kubectl is installed. Run the following command to import config.json and store it as a secret in Kubernetes. Update the “config.json” path to point to the local copy.
kubectl create secret generic regcred \
  --from-file=.dockerconfigjson=config.json \
  --type=kubernetes.io/dockerconfigjson
The cluster is now configured to authenticate remotely. The last step is to update the deployment configuration to reference the secret. In the YAML definition of the deployment, add the ‘imagePullSecrets’ reference as follows; it should be at the same level as the ‘containers’ definition.
...
spec:
  imagePullSecrets:
  - name: regcred
  containers:
  ...
Now you can reference private images on Docker Hub, enjoy!
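An added example (not part of the original post) that checks config.json before the import step: it fails if docker login kept the token in a credential helper instead of in the file, and it keeps only the Docker Hub entry so credentials for other registries are not copied into the cluster. The function names and the sample data are assumptions made for illustration.

```python
import base64
import json

# Key that `docker login` writes for Docker Hub in ~/.docker/config.json.
DOCKER_HUB = "https://index.docker.io/v1/"


def minimal_dockerconfig(config, registry=DOCKER_HUB):
    """Return a config holding only the inline credential for `registry`."""
    entry = config.get("auths", {}).get(registry, {})
    if not entry.get("auth"):
        # With a credential helper, docker login leaves the entry empty and
        # keeps the token outside the file, so the secret would not work.
        helper = config.get("credsStore") or config.get("credHelpers")
        reason = "stored in a credential helper" if helper else "not present"
        raise ValueError(f"credential for {registry} is {reason}")
    return {"auths": {registry: {"auth": entry["auth"]}}}


def secret_manifest(config, name="regcred", registry=DOCKER_HUB):
    """Build a Secret of the type the kubectl command above creates."""
    payload = json.dumps(minimal_dockerconfig(config, registry)).encode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(payload).decode()},
    }


# Constructed sample: two registries logged in, both tokens are made up.
SAMPLE = {
    "auths": {
        DOCKER_HUB: {"auth": base64.b64encode(b"user:pass").decode()},
        "registry.example.internal": {
            "auth": base64.b64encode(b"other:token").decode()
        },
    }
}

if __name__ == "__main__":
    # Prints a manifest that contains only the Docker Hub credential.
    print(json.dumps(secret_manifest(SAMPLE), indent=2))
```

Write the printed JSON to a file and load it with kubectl apply -f in place of the kubectl create secret command.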