We use analytics and cookies to understand site traffic. Information about your use of our site is shared with Google for that purpose. Learn more.
Deploying images from a private container registry
Learn how to configure your Knative cluster to deploy images from a private container registry.
To share access to your private container images across multiple services and
revisions, you create a list of Kubernetes secrets
(imagePullSecrets
)
using your registry credentials, add that imagePullSecrets
to your default
service account,
and then deploy those configurations to your Knative cluster.
Before you begin
You need:
- A Kubernetes cluster with Knative Serving installed.
- The credentials to the private container registry where your container images are stored.
Configuring your credentials in Knative
-
Create a
imagePullSecrets
that contains your credentials as a list of secrets:kubectl create secret docker-registry [REGISTRY-CRED-SECRETS] \ --docker-server=[PRIVATE_REGISTRY_SERVER_URL] \ --docker-email=[PRIVATE_REGISTRY_EMAIL] \ --docker-username=[PRIVATE_REGISTRY_USER] \ --docker-password=[PRIVATE_REGISTRY_PASSWORD]
Where
-
[REGISTRY-CRED-SECRETS]
is the name that you want for your secrets (imagePullSecrets
object). For example,container-registry
. -
[PRIVATE_REGISTRY_SERVER_URL]
is the URL to the private registry where your container images are stored.Examples:
- Google Container Registry: https://gcr.io/
- DockerHub https://index.docker.io/v1/
-
[PRIVATE_REGISTRY_EMAIL]
is your email address that is associated with the private registry. -
[PRIVATE_REGISTRY_USER]
is the username that you use to access the private container registry. -
[PRIVATE_REGISTRY_PASSWORD]
is the password that you use to access the private container registry.
Example:
kubectl create secret `container-registry` \ --docker-server=https://gcr.io/ \ --docker-email=my-account-email@address.com \ --docker-username=my-grc-username \ --docker-password=my-gcr-password
Tip: After creating the
imagePullSecrets
, you can view those secret's by running:kubectl get secret [REGISTRY-CRED-SECRETS] --output=yaml
-
-
Add the
imagePullSecrets
to yourdefault
service account in thedefault
namespace.Note: By default, the
default
service account in each of the namespaces of your Knative cluster are use by your revisions unlessserviceAccountName
is specified.-
Run the following command to modify your
default
service account:For example, if you named your secrets
container-registry
, then you patch it with this.kubectl patch serviceaccount default -p "{\"imagePullSecrets\": [{\"name\": \"container-registry\"}]}"
-
-
Deploy the updated service account to your Knative cluster:
kubectl apply --filename service-account.yaml
Now, all the new pods that are created in the default
namespace will include
your credentials and have access to your container images in the private registry.
What's next
You can now create a service that uses your container images from the private registry. Learn how to create a Knative service.
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.