How to define Kubernetes Job using a private docker registry?

Question

I have a simple Kubernetes job (based on the http://kubernetes.io/docs/user-guide/jobs/work-queue-2/ example) which uses a Docker image that I have placed as a public image on my dockerhub account. It all loks like this:

job.yaml:

apiVersion: batch/v1
kind: Job
metadata:
  name: job-wq-2
spec:
  parallelism: 2
  template:
    metadata:
      name: job-wq-2
    spec:
      containers:
      - name: c
        image: jonalv/job-wq-2
      restartPolicy: OnFailure

Now I want to try to instead use a private Docker registry which requires authentication as in:

docker login https://myregistry.com

But I can't find anything about how I add username and password to my job.yaml file. How is it done?

Answer 1

You need to use ImagePullSecrets.

Once you create a secret object, you can refer to it in your pod spec (the spec value that is the parent of containers:

apiVersion: batch/v1
kind: Job
metadata:
  name: job-wq-2
spec:
  parallelism: 2
  template:
    metadata:
      name: job-wq-2
    spec:
      imagePullSecrets:
      - name: myregistrykey
      containers:
      - name: c
        image: jonalv/job-wq-2
      restartPolicy: OnFailure

Ofcourse, you'll have to create the secret (as per the docs). This is what this will look like:

apiVersion: v1
kind: Secret
metadata:
  name: myregistrykey
  namespace: mynamespace
data:
  .dockerconfigjson: UmVhbGx5IHJlYWxseSByZWVlZWVlZWVlZWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGx5eXl5eXl5eXl5eXl5eXl5eXl5eSBsbGxsbGxsbGxsbGxsbG9vb29vb29vb29vb29vb29vb29vb29vb29vb25ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cgYXV0aCBrZXlzCg==
type: kubernetes.io/dockerconfigjson

The value of .dockerconfigjson is a base64 encoding of this file: .docker/config.json.

The key point: A job spec contains a pod spec. So whatever knowledge you gain about pod specs can be applied to jobs as well.