Pull from a private registry

How to pull an image from a private registry

Sometimes, you need to access an image stored in a private registry, such as ghcr.io, which requires authentication.

1. Log in to the registry docker login ghcr.io -u <gh-username> -p <access-token>
2. Locate your Docker config file: the configuration is usually stored in ~/.docker/config.json. If it doesn’t exist, you can create it manually:

   {
   	"auths": {
   		"ghcr.io": {},
   	}
   }

3. Add the auth attribute to the registry entry: The value must be a base64-encoded string of "username:password".

   {
   	"auths": {
   		"ghcr.io": {
   			"auth": "dXNlcm5hbWU6cGFzc3dvcmQ=" // value from `echo -n 'username:password' | base64`
   		}
   	}
   }

4. Encode the entire file in base64: cat config.json | base64
5. Create a Kubernetes Secret using the encoded config: Save the base64-encoded value in a Secret manifest:

   apiVersion: v1
   Kind: Secret
   type: kubernetes.io/dockerconfigjson
   metadata:
   	name: ghcr-pull-secret
   	namespace: formtion
   data:
     .dockerconfigjson: <base64-encoded-config-file> # set here your base64 encoded config.json

6. save the manifest kubectl apply -f ghcr-pull-secret.yaml

Source

• kubernetes.io - pull from private registry