Blog content

This information applies to both plain Kubernetes as it does to SAP BTP Kyma. I wrote it because I found the information not in one piece and hope it saves you some time!

Pulling images into Kyma to run them as containers in pods is one of the wonderful things using Kubernetes. While we often leverage open-source software and configuration is in ConfigMaps it’s often unavoidable to use a private repository for images. One that can only be accessed by your organization.

Picture 1: Pull mechanisms to Kubernetes from an image repository.

There are two approaches to this:

1. Use your own private registry to store the images and pull them. My colleague Remy Astier wrote a great blog about it last year.
2. use the private repository option of commercial image registries like Docker Hub or Quay.io and many others.

In this blog we’ll look into option 2. Consider it a subset of option 1. Let’s start!

How-to

We use docker hub. The principle should be the same with other offerings on the web.

1. Push an image to the hub e.g. with

   docker push <hub-id>/<imagename>:<tag>

2. On the docker hub set the image as private.
   
3. Create a token in the security settings of your account as shown below. We’ll only pull images, so read-only is sufficient.
   
   Don’t forget to keep the token secret somewhere, you need it later.
4. Now create a Kubernetes secret out of the token secret like so(below password needs to be exchanged completely with yours, just show it for easier understanding once you obtained it):

   $: kubectl -n myKymaNamespace create secret docker-registry gunters-reg-credentials –docker-username=’mydockerID’ –docker-password=dckr_pat_XVe-9_mySecret

5. Check the creation either on the CLI or look into the Kyma UI.
   
   You see the dockerconfigjson is created.
6. Finally we have to reference it in the deployment like so:
   

That’s it.

References

SAP BTP Kyma – Help

Kyma – Open source project