Use an Image from the Local Docker Registry in a Container SpecΒΆ

When creating a pod spec or a deployment spec that uses an image from the local docker registry, you must use the full image name, including the registry, and specify an imagePullSecret with your keystone credentials.

About this task

Note

If the credentials of a Keystone user is changed, you must change the credentials stored in your imagePullSecret for the same user. Failure to do so will cause docker to authenticate with Keystone using the old credentials, and locking the Keystone user account due to too many incorrect login attempts.

This example procedure assumes that testuser/busybox:latest container image has been pushed to the local docker registry.

Procedure

  1. Create a secret with credentials for the local docker registry.

    % kubectl create secret docker-registry testuser-registry-secret --docker-server=registry.local:9001 --docker-username=testuser --docker-password=<testuserPassword> --docker-email=noreply@windriver.com
    
  2. Create a configuration for the busybox container.

    % cat <<EOF > busybox.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: busybox
      namespace: default
    spec:
      progressDeadlineSeconds: 600
      replicas: 1
      selector:
        matchLabels:
          run: busybox
      template:
        metadata:
          labels:
            run: busybox
        spec:
          containers:
          - args:
            - sh
            image: registry.local:9001/testuser/busybox:latest
            imagePullPolicy: Always
            name: busybox
            stdin: true
            tty: true
          restartPolicy: Always
          imagePullSecrets:
          - name: testuser-registry-secret
    EOF
    
  3. Apply the configuration created in the busybox.yaml file.

    % kubectl apply -f busybox.yaml
    

    This will launch the busybox deployment using the image in the local docker registry and specifying the testuser-registry-secret for authentication and authorization with the registry.