Private Docker Registry Secret

You can avoid potential docker throttling when Kubernetes anonymously pulls images by configuring a secret containing a docker login. This same mechanism can be used to gain access to non-public docker registries provided that the docker login used has access to those registries.

Before You Start

  • Ensure you have completed Developer System Setup.
  • You have the kubectl command-line tool installed and configured to use your Kubernetes cluster.

How to Create a Docker Access Secret

  1. Create a secret named regcred:

    kubectl create secret docker-registry regcred --docker-username=USER --docker-password=PASS

    tip icon Tip

    You must set up the secret for all namespaces which you may reference in a deployment. You can control the list of namespaces available for deployment using the Helm chart namespaces.exclude list. To create the secret for multiple namespaces at once, you can use a loop in a shell script:

    for NAMESPACE in namespace1 namespace2 namespace3; do
    kubectl create secret docker-registry regcred \
    --docker-username=USER \
    --docker-password=PASS \
    -n $NAMESPACE
    done

    Replace namespace1, namespace2, namespace3 with your target namespaces, and USER and PASS with your Docker credentials.

    warning icon MacOs
    --from-file does not work for MacOS

  2. Configure Kubernetes to use this regcred secret by default on all docker image accesses for HPE Machine Learning Inferencing Software-deployed services:

    kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "regcred"}]}'