Kubernetes PullImageError using Docker Hub with a private image

Question

I\'m struggling to get Kubernetes to work with my private hub.docker.com registry image.

I am using kubectl version: Client Version: version.Info{Major:\"1\", Mino

Answer 1

The documentation is out of date, in that it refers to .dockercfg instead of .docker/config.json. I will update it.

When you use the new .docker/config.json format, you need to set type: kubernetes.io/dockerconfigjson instead of type: kubernetes.io/.dockercfg.

Support for type: kubernetes.io/dockerconfigjson was added in v1.1.0 so it is supported by your server, but is not supported by your client (which is v1.1.0-alpha which predates v1.1.0).

When you use type: kubernetes.io/dockerconfigjson, it should validate your secret contents.

With type: kubernetes.io/dockerconfigjson, you do want to keep the auths wrapper.

Answer 2

So, I kept researching the web for an answer to my problem and eventually found this:

https://github.com/kubernetes/kubernetes/issues/7954#issuecomment-115241561

At the very end of the thread, jjw27 has nailed it. The kubernetes documentation mentions the .dockercfg.json file just to say that its contents needs to be base64-encoded. There are actually two issues with this file:

1. it looks like it morphed into another file actually, i.e. .docker/config.json
2. the auth info in this file is wrapped by an additional auths objects, which you have to get rid of.

Quoting jjw27

Did not work:

{
  "auths": {
    "hub.example.com:1024": {
      "auth": "asdf=",
      "email": "example@example.com"
     }
  }
}

Worked:

{
  "hub.example.com:1024": {
    "auth": "asdf=",
    "email": "example@example.com"
  }
}

Google, please update this doc!!

Message to Kubernetes devs #2: Also, not complaining with a malformed base64-encoded secret is very misleading. Please validate user input and complain if it contains errors.