Technotes for future me

Pull an Image from a Private Registry

This page shows how to create a Pod that uses a Secret to pull an image from a private Docker registry or repository.

Log in to Docker

authenticate with a registry in order to pull a private image:

docker login

The login process creates or updates a config.json file that holds an authorization token.

View the config.json file:

cat ~/.docker/config.json

The output contains a section similar to this:

    "auths": {
        "": {
            "auth": "c3R...zE2"

Create a Secret based on existing Docker credentials

A Kubernetes cluster uses the Secret of type to authenticate with a container registry to pull a private image.

If you already ran docker login, you can copy that credential into Kubernetes:

kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \


Last updated on 9 Jun 2021
Published on 25 May 2021
Edit on GitHub