New to KubeDB? Please start here.

Using private Docker registry

KubeDB operator supports using private Docker registry. This tutorial will show you how to use KubeDB to run Memcached server using private Docker images.

Before You Begin

  • Read concept of Memcached Version Catalog to learn detail concepts of MemcachedVersion object.

  • You need to have a Kubernetes cluster, and the kubectl command-line tool must be configured to communicate with your cluster. If you do not already have a cluster, you can create one by using kind.

  • You will also need a docker private registry or private repository. In this tutorial we will use private repository of docker hub.

  • You have to push the required images from KubeDB’s Docker hub account into your private registry. For memcached, push DB_IMAGE, EXPORTER_IMAGE of following MemcachedVersions, where deprecated is not true, to your private registry.

    $ kubectl get memcachedversions -n kube-system  -o=custom-columns=NAME:.metadata.name,VERSION:.spec.version,DB_IMAGE:.spec.db.image,EXPORTER_IMAGE:.spec.exporter.image,DEPRECATED:.spec.deprecated
    NAME     VERSION   DB_IMAGE                                          EXPORTER_IMAGE                                          DEPRECATED
    1.5.22   1.5.22    ghcr.io/appscode-images/memcached:1.5.22-alpine   prom/memcached-exporter:v0.14.2                         <none>
    1.6.22   1.6.22    ghcr.io/appscode-images/memcached:1.6.22-alpine   ghcr.io/appscode-images/memcached_exporter:v0.14.3-ac   <none>
    1.6.29   1.6.29    ghcr.io/appscode-images/memcached:1.6.29-alpine   ghcr.io/appscode-images/memcached_exporter:v0.14.3-ac   <none>
    

    Docker hub repositories:

  • Update KubeDB catalog for private Docker registry. Ex:

    apiVersion: catalog.kubedb.com/v1alpha1
    kind: MemcachedVersion
    metadata:
      name: 1.6.22
    spec:
      db:
        image: PRIVATE_REGISTRY/memcached:1.6.22-alpine
      exporter:
        image: PRIVATE_REGISTRY/memcached_exporter:v0.14.3
      podSecurityPolicies:
        databasePolicyName: memcached-db
      securityContext:
        runAsUser: 999
      version: 1.6.22
    
  • To keep things isolated, this tutorial uses a separate namespace called demo throughout this tutorial. Run the following command to prepare your cluster for this tutorial:

    $ kubectl create ns demo
    namespace/demo created
    

Create ImagePullSecret

ImagePullSecrets is a type of a Kubernete Secret whose sole purpose is to pull private images from a Docker registry. It allows you to specify the url of the docker registry, credentials for logging in and the image name of your private docker image.

Run the following command, substituting the appropriate uppercase values to create an image pull secret for your private Docker registry:

$ kubectl create secret docker-registry -n demo myregistrykey \
  --docker-server=DOCKER_REGISTRY_SERVER \
  --docker-username=DOCKER_USER \
  --docker-email=DOCKER_EMAIL \
  --docker-password=DOCKER_PASSWORD
secret/myregistrykey created

If you wish to follow other ways to pull private images see official docs of Kubernetes.

NB: If you are using kubectl 1.9.0, update to 1.9.1 or later to avoid this issue.

Install KubeDB operator

When installing KubeDB operator, set the flags --docker-registry and --image-pull-secret to appropriate value. Follow the steps to install KubeDB operator properly in cluster so that to points to the DOCKER_REGISTRY you wish to pull images from.

Deploy Memcached server from Private Registry

While deploying Memcached from private repository, you have to add myregistrykey secret in Memcached spec.imagePullSecrets. Below is the Memcached CRD object we will create.

apiVersion: kubedb.com/v1
kind: Memcached
metadata:
  name: memcd-pvt-reg
  namespace: demo
spec:
  replicas: 1
  version: "1.6.22"
  podTemplate:
    spec:
      containers:
      - name: memcached
        resources:
          limits:
            cpu: 500m
            memory: 128Mi
          requests:
            cpu: 250m
            memory: 64Mi
      imagePullSecrets:
      - name: myregistrykey

Now run the command to deploy this Memcached object:

$ kubectl create -f https://github.com/kubedb/docs/raw/v2024.11.18/docs/examples/memcached/private-registry/demo-2.yaml
memcached.kubedb.com/memcd-pvt-reg created

To check if the images pulled successfully from the repository, see if the Memcached is in running state:

$ kubectl get pods -n demo -w
NAME                             READY     STATUS              RESTARTS   AGE
memcd-pvt-reg-694d4d44df-bwtk8   0/1       ContainerCreating   0          18s
memcd-pvt-reg-694d4d44df-tkqc4   0/1       ContainerCreating   0          17s
memcd-pvt-reg-694d4d44df-zhj4l   0/1       ContainerCreating   0          17s
memcd-pvt-reg-694d4d44df-bwtk8   1/1       Running             0          25s
memcd-pvt-reg-694d4d44df-zhj4l   1/1       Running             0          26s
memcd-pvt-reg-694d4d44df-tkqc4   1/1       Running             0          27s

$ kubectl get mc -n demo
NAME            VERSION    STATUS    AGE
memcd-pvt-reg   1.6.22     Running   59s

Cleaning up

To cleanup the Kubernetes resources created by this tutorial, run:

$ kubectl patch -n demo mc/memcd-pvt-reg -p '{"spec":{"deletionPolicy":"WipeOut"}}' --type="merge"
memcached.kubedb.com/memcd-pvt-reg patched

$ kubectl delete -n demo mc/memcd-pvt-reg
memcached.kubedb.com "memcd-pvt-reg" deleted

$ kubectl delete -n demo secret myregistrykey
secret "myregistrykey" deleted

$ kubectl delete ns demo
namespace "demo" deleted

Next Steps