Deploying “Private DockerHub repositories” on a Kubernetes cluster
Creating Docker images, deploying containers and orchestrating them is the order of the day. While most of us are familiar with creating public docker images and deploying them in orchestration platforms like Kubernetes, most organizations store proprietary docker images in private registries. While its fairly easy to deploy public docker images to Kubernetes, there are some additional configurations and steps involved when dealing with private images. The intent of this article is to elaborate the steps involved in deploying private images stored in DockerHub in Kubernetes.
A simple web application can be used as reference for creating docker image and pushing to docker registry. Once the docker image is built push the image to DockerHub and mark the same as private. On a free tier account in DockerHub, we can mark one repository as private, for demonstration / test purpose
Pre-requisites
Before we begin configuration and steps needed for private registry of DockerHub, we need to have the following in place
- An account in hub.docker.com with appropriate username and password
- A simple application, containerized, pushed to docker hub and marked private
- A Kubernetes cluster and kubectl command-line tool must be configured for communicating within the cluster. If you do not already have a cluster, you can create one by using Minikube, or you can use one of these Kubernetes playgrounds like Katacoda, Play with Kubernetes etc.
Deploying Public Image in DockerHub Registry
Kubernetes deploys containers as POD. The deployments are in general based on a “pull” approach. When a container ( containerized app) is to be deployed in a Kubernetes cluster, the container itself is not uploaded to the cluster. Instead, it will pull the docker images to the nodes on its own based on the specification in the deployment YAML file. For example to deploy a container in public registry, the YAML specification will be as follows.
Deploying Private Image in DockerHub Registry
When images are marked private in container registry, we need to authenticate our self first by performing
$ docker login
with a username and password. A “config.json” file with an authorization token is created / updated in ~/.docker/config.json. The file can be opened and viewed. If we use a docker credentials store, instead of auth section. credstore details will be present.
To deploy the private image, the first step is to create a Secret . A Kubernetes cluster uses the secret of docker-registry to authenticate with a container registry to pull an image. The output of above command can be used to create secrets using kubectl command as follows
$ kubectl create secret generic regcred — from-file=.dockerconfigjson=~/.docker/config.json — type = kubernetes.io/dockerconfigjson
A word of caution. We need to be sure to create the secret in the namespace in which the application will run as the secrets are specific to a namespace. If we need to deploy to multiple namespaces we need to create a secret for every namespace. With the above command we have successfully set our Docker credentials as a Secret called regcred in the cluster.
Now we can create deployment using the secret generated above and configuring “imagePullSecrets” in the “spec” section of the deployment and the YAML file will be as follows
On performing “kubectl create -f MyDeployment.yml” deployments will get created. “kubectl get pods” should return the POD is in “Running” state. Also deploy a service and verify that you are able to successfully launch the application
Git Repository
Reference: https://github.com/poornima1980/MyFirstWebApp can be used for reference application