Enabled to pull image from gcr with kubernetes of docker desktop using json key file as authentication information.
The service account json key file is a valid credential, so download it from the gcp console.
Tell kubernetes to use json key file as credentials when pulling docker image from gcr as secret name gcr-json-key.
kubectl create secret docker-registry gcr-json-key \
--docker-server=<your-registry-server> \
--docker-username=<your-name> \
--docker-password=<your-pword> -\
-docker-email=<your-email>
The options are:
--<your-registry-server> : FQDN of private docker registry
<your-name>: docker username<your-pword>: docker password<your-email>: docker emailIn the case of gcr, it will be as follows
<your-registry-server: https://gcr.io
--<your-name>: __json_key Fixed value
--<your-pword>: json key file cat string
--<your-email>: Service account email addressExample:
kubectl --namespace=$NAMESPACE create secret docker-registry gcr-json-key \
--docker-server=https://gcr.io \
--docker-username=_json_key \
--docker-password="$(cat $PATH_TO_JSON)" \
--docker-email="$MAIL_ADDRESS" \
Confirmation of created secret
> kubectl get secret --namespace=$NAMESPACE
NAME TYPE DATA AGE
gcr-json-key kubernetes.io/dockerconfigjson 1 19d
Register in secret as ImagePullSecret in the default service account.
kubectl --namespace=$NAMESPACE patch serviceaccount default -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'
Add a secret reference to your yaml file if you only want to use a specific pod
apiVersion: v1
kind: Pod
metadata:
name: empty-debian
spec:
containers:
- name: empty-debian-container
image: eu.gcr.io/lian-empty-project/empty-debian-container
imagePullSecrets:
- name: gcr-secret
Refference