Kubernetes | Use a private Docker registry with Minikube
  1. Notes
  2. Install Docker registry certificate into Minikube
  3. Create the registry credentials secret (default namespace)
  4. Test Docker registry with Minikube
  1. Notes
    See this page for more details on how to Pull an Image from a Private Registry: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

    See this page for details on how to configure a private Docker registry: Set up a private Docker registry (Ubuntu)
  2. Install Docker registry certificate into Minikube
    Set a variable with the path of the Docker registry certificate:
    $ DOCKER_REGISTRY_CERTIFICATE_PATH=~/registry/registry.crt
    Set a variable with the host ip address and port of the Docker registry:
    $ DOCKER_REGISTRY=192.168.2.22:5000
    Install Docker registry certificate into Minikube:
    $ cat $DOCKER_REGISTRY_CERTIFICATE_PATH | minikube ssh "sudo mkdir -p /etc/docker/certs.d/$DOCKER_REGISTRY && sudo tee /etc/docker/certs.d/$DOCKER_REGISTRY/ca.crt"
    -----BEGIN CERTIFICATE-----
MIIFIDCCAwigAwIBAgIUfIh/TnW6fLW3E6kpNdZhQ4GECsIwDQYJKoZIhvcNAQEL
...
URdSW+SPvJEUafqsGuMrlj70Y3U=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFIDCCAwigAwIBAgIUfIh/TnW6fLW3E6kpNdZhQ4GECsIwDQYJKoZIhvcNAQEL
...
URdSW+SPvJEUafqsGuMrlj70Y3U=
-----END CERTIFICATE-----
^C
    Type ^C to exit.
  3. Create the registry credentials secret (default namespace)
    Create the registry credentials secret:
    $ kubectl create secret docker-registry registry-credentials \
    --docker-server=192.168.2.22:5000 \
    --docker-username=admin \
    --docker-password=admin
    secret/registry-credentials created
    Verify secret creation:
    $ kubectl get secret registry-credentials
    NAME                   TYPE                             DATA   AGE
registry-credentials   kubernetes.io/dockerconfigjson   1      5m33s
    $ kubectl get secret registry-credentials --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
    {
  "auths": {
    "192.168.2.22:5000": {
      "username": "admin",
      "password": "admin",
      "auth": "YWRtaW46YWRtaW4="
    }
  }
}
    $ echo "YWRtaW46YWRtaW4=" | base64 --decode
    admin:admin
  4. Test Docker registry with Minikube
    • Make sure you have logged in to the registry:
      $ docker login 192.168.2.22:5000
    • Let's tag an existing image:k8s.gcr.io/echoserver:1.4:
      $ docker pull k8s.gcr.io/echoserver:1.4
      $ docker tag k8s.gcr.io/echoserver:1.4 192.168.2.22:5000/local_echoserver:1.4
    • Push the image to registry:
      $ docker push 192.168.2.22:5000/local_echoserver:1.4
      The push refers to repository [192.168.2.22:5000/local_echoserver]
...
6cc9890d69b6: Pushed
1.4: digest: sha256:6eb2f60a3ca84e3c6c17c9a5a34dbd4f75ff1a1088011d118f5e53626db1ddb7 size: 2602
    • Create a deployment: echo-server.yaml
      $ vi echo-server.yaml
      apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo-server
spec:
  selector:
    matchLabels:
      app: echo-server
  template:
    metadata:
      labels:
        app: echo-server
    spec:
      containers:
      - name: echo-server
        image: 192.168.2.22:5000/local_echoserver:1.4
      imagePullSecrets:
      - name: registry-credentials
      Note the usage of imagePullSecrets (the authorization token) that references the secret that stores the credentials that are used to access the Docker registry.

    • Deploy echo-server.yaml:
      $ kubectl apply -f echo-server.yaml
      deployment.apps/echo-server created
    • Print events:
      $ kubectl get events
      
LAST SEEN   TYPE      REASON              OBJECT                            MESSAGE
27s         Normal    Scheduled           pod/echo-server-d855cd55-9sg2s    Successfully assigned default/echo-server-d855cd55-9sg2s to minikube
26s         Normal    Pulling             pod/echo-server-d855cd55-9sg2s    Pulling image "192.168.2.22:5000/local_echoserver:1.4"
22s         Normal    Pulled              pod/echo-server-d855cd55-9sg2s    Successfully pulled image "192.168.2.22:5000/local_echoserver:1.4"
22s         Normal    Created             pod/echo-server-d855cd55-9sg2s    Created container echo-server
22s         Normal    Started             pod/echo-server-d855cd55-9sg2s    Started container echo-server
27s         Normal    SuccessfulCreate    replicaset/echo-server-d855cd55   Created pod: echo-server-d855cd55-9sg2s
27s         Normal    ScalingReplicaSet   deployment/echo-server            Scaled up replica set echo-server-d855cd55 to 1
© 2025  mtitek