When we specify an image name in the K8s manifest file, it has three parts: registry/user-account/image-repository. If the registry is not specified, by default it is docker.io. If the user-account is not specified, by default it is library. Image repositories under the library user account are built with best practices and are maintained by a dedicated team.
To use a container image from a private repository, create a secret object of type docker-registry with the registry credentials. Use this secret as imagePullSecrets in the pod definition.
kubectl create secret docker-registry regred \\
--docker-server=private-registry.io
--docker-username=registry-user \\
--docker-password=registry-password \\
[email protected]
apiVersion: v1
kind: Pod
metadata:
name: webapp
spec:
containers:
- name: nginx
image: private-registry.io/apps/webapp
imagePullSecrets:
- name: regcred