Kubernetes PullImageError using Docker Hub with a private image
So, I kept researching the web for an answer to my problem and eventually found this:
https://github.com/kubernetes/kubernetes/issues/7954#issuecomment-115241561
At the very end of the thread, jjw27 has nailed it. The kubernetes documentation mentions the .dockercfg.json
file just to say that its contents needs to be base64-encoded. There are actually two issues with this file:
- it looks like it morphed into another file actually, i.e.
.docker/config.json
- the auth info in this file is wrapped by an additional
auths
objects, which you have to get rid of.
Quoting jjw27
Did not work:
{ "auths": { "hub.example.com:1024": { "auth": "asdf=", "email": "example@example.com" } }}
Worked:
{ "hub.example.com:1024": { "auth": "asdf=", "email": "example@example.com" }}
Google, please update this doc!!
Message to Kubernetes devs #2: Also, not complaining with a malformed base64-encoded secret is very misleading. Please validate user input and complain if it contains errors.
The documentation is out of date, in that it refers to .dockercfg
instead of .docker/config.json
. I will update it.
When you use the new .docker/config.json
format, you need to set type: kubernetes.io/dockerconfigjson
instead of type: kubernetes.io/.dockercfg
.
Support for type: kubernetes.io/dockerconfigjson
was added in v1.1.0 so it is supported by your server, but is not supported by your client (which is v1.1.0-alpha which predates v1.1.0).
When you use type: kubernetes.io/dockerconfigjson
, it should validate your secret contents.
With type: kubernetes.io/dockerconfigjson
, you do want to keep the auths
wrapper.