DEV Community

Cover image for How to use Kubernetes Secret to pull private Docker Images from DockerHub
AWS Community Builders profile image Usman Ahmad
Usman Ahmad for AWS Community Builders

Posted on

How to use Kubernetes Secret to pull private Docker Images from DockerHub

#kubernetes #security

In this article, you will learn how we pull the private docker image from DockerHub using Kubernetes Secret and create a Kubernetes Pod from the docker private image.

Docker Hub:

Docker Hub is a hosted repository service provided by Docker for finding and sharing container images with your team. Key features include Private Repositories: Push and pull container images. Automated Builds: Automatically build container images from GitHub and Bitbucket and push them to Docker Hub.

Kubernetes Secrets:

A Secret is an object that contains a small amount of sensitive data such as a password, a token, or a key. Such information might otherwise be put in a Pod specification or in a container image. Using a Secret means that you don’t need to include confidential data in your application code.

Example:

To use a secret to pull a private image from a container registry, you can create a “imagePullSecrets” field in your deployment or pod YAML file. Here’s an example:

Step1: Create a secret

kubectl create secret docker-registry my-registry-secret \
— docker-username=DOCKER_USER \
— docker-password=DOCKER_PASSWORD \
— docker-email=DOCKER_EMAIL

Replace the DOCKER_REGISTRY_SERVER, DOCKER_USER, DOCKER_PASSWORD, and DOCKER_EMAIL with your container registry server address, username, password, and email respectively.

My secret screenshot

Created secret

Step2: My Dockerhub account, where I have my private docker image

Screenshot of my Dockerhub account

Step3: Create a deployment file with “imagePullSecrets”

Modify your deployment or pod YAML file to include the imagePullSecrets field:

Here I am pulling my own private Docker Image from Docker Hub

In this example, we added the imagePullSecrets field to the deployment YAML file, and set the value to the name of the secret we created in step 1 (my-registry-secret). Kubernetes will use this secret to authenticate with the container registry when pulling the private-registry/my-image image.

When you apply the modified YAML file to your cluster, Kubernetes will use the specified secret to authenticate with the container registry and pull the private image.

Step4: Final result

For this article I am using “minikube” cluster, so you can see that before creating the deployment we don’t have the docker image “usm87/jenkins-cicd-maven-project:v4”

Docker Images

Kubernetes Deployment file

After creating the deployment, below are the Pod event logs

Event Logs of Pod

Final Result of Docker Images

Now you can see we have the docker image “usm87/jenkins-cicd-maven-project:v4” pulled from the docker hub successfully.

Top comments (0)

Read next

guiqui profile image

Pod Security with K8Studio

Guillermo Quiros -

depp57 profile image

Kubernetes homelab - Learning by doing, Part 6: Automation

Sacha Thommet -

nikolapopov profile image

Threat Modeling for Non-Security Experts

Nikola Popov -

iamsherif profile image

Schema Validation in Amazon DynamoDB

iAmSherif 💎 -