Kubernetes PullImageError using Docker Hub with a private image
So, I kept researching the web for an answer to my problem and eventually found this:
https://github.com/kubernetes/kubernetes/issues/7954#issuecomment-115241561
At the very end of the thread, jjw27 has nailed it. The kubernetes documentation mentions the .dockercfg.json file just to say that its contents needs to be base64-encoded. There are actually two issues with this file:
- it looks like it morphed into another file actually, i.e.
.docker/config.json - the auth info in this file is wrapped by an additional
authsobjects, which you have to get rid of.
Quoting jjw27
Did not work:
{ "auths": { "hub.example.com:1024": { "auth": "asdf=", "email": "example@example.com" } }}Worked:
{ "hub.example.com:1024": { "auth": "asdf=", "email": "example@example.com" }}Google, please update this doc!!
Message to Kubernetes devs #2: Also, not complaining with a malformed base64-encoded secret is very misleading. Please validate user input and complain if it contains errors.
The documentation is out of date, in that it refers to .dockercfg instead of .docker/config.json. I will update it.
When you use the new .docker/config.json format, you need to set type: kubernetes.io/dockerconfigjson instead of type: kubernetes.io/.dockercfg.
Support for type: kubernetes.io/dockerconfigjson was added in v1.1.0 so it is supported by your server, but is not supported by your client (which is v1.1.0-alpha which predates v1.1.0).
When you use type: kubernetes.io/dockerconfigjson, it should validate your secret contents.
With type: kubernetes.io/dockerconfigjson, you do want to keep the auths wrapper.