Create a Service using a private image

To create a Service using a private image, you must create and reference the corresponding secret. We recommend that you reference the secret by adding an imagePullSecrets section. For more information about imagePullSecrets, see Creating a Secret with a Docker config. The following sections describe how to create and reference a secret.

Create a secret by running the kubectl command

$ kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL --namespace=NAMESPACE
secret "myregistrykey" created

Notes:

——myregistrykey: the user-defined name of the secret.

——docker-service: the address of the image registry.

——docker-username: the username used to log in to the image registry.

——docker-password: the password used to log in to the image registry.

——docker-email: the email address.

——namespace: the namespace where you want to create a secret.

Reference imagePullSecrets in a pod

When you create a pod, add the imagePullSecrets section to the pod definition to reference the created secret.

apiVersion: v1
kind: Pod
metadata:
  name: test
  namespace: default
spec:
  containers:
    - name: test
      image: hub.kce.ksyun.com/namespace/test:v1
  imagePullSecrets:
    - name: myregistrykey

Notes:
The preceding operations are required for all pods using private images.
A pod can reference only the imagePullSecrets in the same namespace. Therefore, each namespace must be configured.