--- title: "Using Private Registry with OVHcloud Managed Kubernetes" description: "Find out how to use images from OVHcloud Managed Private Registry service on OVHcloud Managed Kubernetes clusters" url: https://docs.ovhcloud.com/es/guides/public-cloud/containers-orchestration/managed-private-registry/kubernetes lang: es lastUpdated: 2023-02-28 --- # Using Private Registry with OVHcloud Managed Kubernetes In this tutorial we are going to guide you in using images from OVHcloud Managed Private Registry service on OVHcloud Managed Kubernetes clusters. ## Before you begin This tutorial presupposes that you already have a working OVHcloud Managed Kubernetes cluster, and some basic knowledge of how to operate it. If you want to know more on those topics, please look at the [deploying a Hello World application](/es/guides/public-cloud/containers-orchestration/managed-kubernetes/deploy-hello-world.md) documentation. You also need to have a working OVHcloud Managed Private Registry and have followed the guides on [creating a private registry](/es/guides/public-cloud/containers-orchestration/managed-private-registry/creation.md), [connecting to the UI](/es/guides/public-cloud/containers-orchestration/managed-private-registry/connect-to-ui.md), [managing users and projects](/es/guides/public-cloud/containers-orchestration/managed-private-registry/managing-users-projects.md) and [creating and using private images](/es/guides/public-cloud/containers-orchestration/managed-private-registry/create-private-image.md). We will specifically suppose you have followed the last one and you have a `hello-ovh` image on your private registry. ## Create Kubernetes Secret Kubernetes needs to have access to the private registry to pull images from it, so you need to store the private registry credentials in a Kubernetes Secret. There are 2 ways to create the registry credentials secret. Chose the solution you prefer. ### 1. Create a Secret based on existing Docker credentials #### Log in to your OVHcloud Managed Private Registry In order to pull a private image from your private registry, you must authenticate with it using `docker login`. ```bash docker login [YOUR_PRIVATE_REGISTRY_URL] ``` For my private registry: ```console $ docker login 8093ff7x.gra5.container-registry.ovh.net Username: private-user Password: Login Succeeded ``` The login process creates or updates a `config.json` file that holds an authorization token. View the `config.json` file: ```bash cat ~/.docker/config.json ``` #### Creating the Secret Let's create a Secret of `docker-registry` type. You will use this Secret to authenticate with your private registry to pull a private image. If you already ran `docker login`, you can copy that credential into Kubernetes: ```bash kubectl create secret generic regcred \ --from-file=.dockerconfigjson= \ --type=kubernetes.io/dockerconfigjson ``` For my private registry: ```console $ kubectl create secret generic regcred \ --from-file=.dockerconfigjson=/Users/avache/.docker/config.json \ --type=kubernetes.io/dockerconfigjson secret/regcred created ``` You can check the secret has been correctly deployed in your Kubernetes cluster: ```console $ kubectl get secret regcred -o jsonpath="{.data.\.dockerconfigjson}" ewogICAgICAgICJhdXRocyI6IHsKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewogICAgICAgICAgICAgICAgICAgICAgICAiYXV0aCI6ICJjMk55WVd4NU9qaDBhM00wWm01aiIKICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICAiY3g2ZHMzMGQuZ3JhNy5jb250YWluZXItcmVnaXN0cnkub3ZoLm5ldCI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImF1dGgiOiAiY0hKcGRtRjBaUzExYzJWeU9sQnlhWFpoZEdWVmMyVnlNUT09IgogICAgICAgICAgICAgICAgfQogICAgICAgIH0KfQo= ``` :::info Secrets are encoded in base64 and automatically decoded when they are attached to a Pod. ::: ### 2. Create a Secret by providing credentials on the command line Let's create a Secret of `docker-registry` type. You will use this Secret to authenticate with your private registry to pull a private image: ```bash kubectl create secret docker-registry regcred \ --docker-server=`` \ --docker-username=`` \ --docker-password=`` ``` For my private registry: ```console $ kubectl create secret docker-registry regcred \ --docker-server=cx6ds30d.gra7.container-registry.ovh.net \ --docker-username=private-user \ --docker-password=PrivateUser1 secret/regcred created ``` You can check the secret has been correctly deployed in your Kubernetes cluster: ```console $ kubectl get secret regcred -o jsonpath="{.data.\.dockerconfigjson}" eyJhdXRocyI6eyJjeDZkczMwZC5ncmE3LmNvbnRhaW5lci1yZWdpc3RyeS5vdmgubmV0Ijp7InVzZXJuYW1lIjoicHJpdmF0ZS11c2VyIiwicGFzc3dvcmQiOiJQcml2YXRlVXNlcjEiLCJhdXRoIjoiY0hKcGRtRjBaUzExYzJWeU9sQnlhWFpoZEdWVmMyVnlNUT09In19fQ== ``` :::info Secrets are encoded in base64 and automatically decoded when they are attached to a Pod. ::: ## Deploying an image The first step to deploy a Docker image in a Kubernetes cluster is to write a YAML manifest. Let's call it `hello-ovh.yaml`: ```yaml apiVersion: v1 kind: Service metadata: name: hello-ovh labels: app: hello-ovh spec: type: LoadBalancer ports: - port: 80 targetPort: 80 protocol: TCP name: http selector: app: hello-ovh --- apiVersion: apps/v1 kind: Deployment metadata: name: hello-ovh-deployment labels: app: hello-ovh spec: replicas: 1 selector: matchLabels: app: hello-ovh template: metadata: labels: app: hello-ovh spec: containers: - name: hello-ovh image: [YOUR_PRIVATE_REGISTRY_URL]/[YOUR_PROJECT]/hello-ovh:1.0.0 ports: - containerPort: 80 imagePullSecrets: - name: regcred ``` :::info Replace `[YOUR_PRIVATE_REGISTRY_URL]` and `[YOUR_PROJECT]` with your private registry URL and your project name, for example for my private registry it will be: `cx6ds30d.gra7.container-registry.ovh.net/private/hello-ovh:1.0.0` ::: And then we can apply the file: ```bash kubectl apply -f hello-ovh.yaml ``` After applying the YAML file, a new `hello-world` service and the corresponding `hello-world-deployment` deployment are created: ```console $ kubectl apply -f hello-ovh.yaml service/hello-ovh created deployment.apps/hello-ovh-deployment created $ kubectl get po -l app=hello-ovh NAME READY STATUS RESTARTS AGE hello-ovh-deployment-6df76cb7b8-vbk2b 1/1 Running 0 66s ``` Our Pod is correctly running, so Kubernetes has pulled the image from your private registry with success. ## Go further To have an overview of OVHcloud Managed Private Registry service, you can go to the OVHcloud Managed Private Registry site. Join our [community of users](https://community.ovhcloud.com/).