New to KubeDB? Please start here.

Using private Docker registry

KubeDB operator supports using private Docker registry. This tutorial will show you how to use KubeDB to run MongoDB database using private Docker images.

Before You Begin

At first, you need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using Minikube.

You will also need a docker private registry or private repository. In this tutorial we will use private repository of docker hub.

You have to push the required images from KubeDB’s Docker hub account into your private registry. For mongodb, push the following images to your private registry.

  • kubedb/operator
  • kubedb/mongo
  • kubedb/mongo-tools

    $ export DOCKER_REGISTRY=<your-registry>
    $ docker pull kubedb/operator:0.8.0-beta.2 ; docker tag kubedb/operator:0.8.0-beta.2 $DOCKER_REGISTRY/operator:0.8.0-beta.2 ; docker push $DOCKER_REGISTRY/operator:0.8.0-beta.2
    $ docker pull kubedb/mongo:3.4 ; docker tag kubedb/mongo:3.4 $DOCKER_REGISTRY/mongo:3.4 ; docker push $DOCKER_REGISTRY/mongo:3.4
    $ docker pull kubedb/mongo:3.6 ; docker tag kubedb/mongo:3.6 $DOCKER_REGISTRY/mongo:3.6 ; docker push $DOCKER_REGISTRY/mongo:3.6
    $ docker pull kubedb/mongo-tools:3.4 ; docker tag kubedb/mongo-tools:3.4 $DOCKER_REGISTRY/mongo-tools:3.4 ; docker push $DOCKER_REGISTRY/mongo-tools:3.4
    $ docker pull kubedb/mongo-tools:3.6 ; docker tag kubedb/mongo-tools:3.6 $DOCKER_REGISTRY/mongo-tools:3.6 ; docker push $DOCKER_REGISTRY/mongo-tools:3.6

Create ImagePullSecret

ImagePullSecrets is a type of a Kubernete Secret whose sole purpose is to pull private images from a Docker registry. It allows you to specify the url of the docker registry, credentials for logging in and the image name of your private docker image.

Run the following command, substituting the appropriate uppercase values to create an image pull secret for your private Docker registry:

$ kubectl create secret docker-registry myregistrykey \
  --docker-server=DOCKER_REGISTRY_SERVER \
  --docker-username=DOCKER_USER \
  --docker-email=DOCKER_EMAIL \

secret "myregistrykey" created.

If you wish to follow other ways to pull private images see official docs of kubernetes.

NB: If you are using kubectl 1.9.0, update to 1.9.1 or later to avoid this issue.

Install KubeDB operator

When installing KubeDB operator, set the flags --docker-registry and --image-pull-secret to appropriate value. Follow the steps to install KubeDB operator properly in cluster so that to points to the DOCKER_REGISTRY you wish to pull images from.

Create Demo namespace

To keep things isolated, this tutorial uses a separate namespace called demo throughout this tutorial. Run the following command to prepare your cluster for this tutorial:

$ kubectl create -f
namespace "demo" created

$ kubectl get ns
NAME          STATUS    AGE
default       Active    45m
demo          Active    10s
kube-public   Active    45m
kube-system   Active    45m

Deploy MongoDB database from Private Registry

While deploying MongoDB from private repository, you have to add myregistrykey secret in MongoDB spec.imagePullSecrets. Below is the MongoDB CRD object we will create.

kind: MongoDB
  name: mgo-pvt-reg
  namespace: demo
  version: 3.4
  doNotPause: true
    storageClassName: "standard"
    - ReadWriteOnce
        storage: 50Mi
    - name: myregistrykey

Now run the command to deploy this MongoDB object:

$ kubedb create -f
validating ""
mongodb "mgo-pvt-reg" created

To check if the images pulled successfully from the repository, see if the MongoDB is in running state:

$ kubectl get pods -n demo -w
NAME            READY     STATUS              RESTARTS   AGE
mgo-pvt-reg-0   0/1       Pending             0          0s
mgo-pvt-reg-0   0/1       Pending             0          0s
mgo-pvt-reg-0   0/1       ContainerCreating   0          0s
mgo-pvt-reg-0   1/1       Running             0          5m

$ kubedb get mg -n demo
NAME          STATUS    AGE
mgo-pvt-reg   Running   1m


We don’t need to add imagePullSecret for snapshot objects. Just create snapshot object and KubeDB operator will reuse the ImagePullSecret from MongoDB object.

Cleaning up

To cleanup the Kubernetes resources created by this tutorial, run:

$ kubedb delete mg,drmn,snap -n demo --all --force

$ kubectl delete ns demo
namespace "demo" deleted

Next Steps