To create a pod and pull an image from a private registry, Artifactory in our case, you need to pass the secret that contains user credentials for Artifactory.
In Docker versions below 1.7.0, Docker config was saved in .dockercfg file. And when creating a secret using this config file in Kubernetes, it creates a secret type “kubernetes.io/dockercfg”.
Until Artifactory 7.39.x version, this secret type can be used to pull Docker images from Artifactory.
However, from 7.41.x, the “kubernetes.io/dockercfg” secret type may cause the below errors when pulling images,
apiVersion: v1 kind: Pod metadata: name: my-private-pod spec: containers: - name: private image: <ARTIFACTORY>/<DOCKER_REPO>/<IMAGE>:<TAG> imagePullSecrets: - name: <SECRET>
In Docker versions below 1.7.0, Docker config was saved in .dockercfg file. And when creating a secret using this config file in Kubernetes, it creates a secret type “kubernetes.io/dockercfg”.
NAME TYPE DATA AGE dockercfg kubernetes.io/dockercfg 1 17m
Until Artifactory 7.39.x version, this secret type can be used to pull Docker images from Artifactory.
However, from 7.41.x, the “kubernetes.io/dockercfg” secret type may cause the below errors when pulling images,
Warning Failed 1s kubelet Failed to pull image "artifactory/docker/busybox:latest": rpc error: code = Unknown desc = Error response from daemon: Head "http://artifactory/v2/docker/busybox/manifests/latest": unknown: Authentication is required
Warning Failed 1s kubelet Failed to pull image "artifactory/docker/busybox:latest": rpc error: code = Unknown desc = Error response from daemon: Head "http://artifactory/v2/docker/busybox/manifests/latest": unknown: Token failed verification: signature