In this article we’ll see how to deploy container images from a GitLab private registry into Kubernetes.
Public container images, in registries like Docker Hub, can be deployed easily without needing to provide any credentials. Kubernetes Deployments (and other objects like StatefulSets) simply need the
informaticsmatters/neo4j:3.5.20. However, images resident on a private registry will require you to deploy an ImagePullSecret that Kubernetes uses to pull the image.
Kubernetes documentation describes such secrets with a section explaining how they can be created from the command-line.
Here we provide a brief cheat-sheet that explains how to create a pull-secret using GitLab and then use that in a Deployment.
Firstly, we assume that you’ve created a container image in your GitLab project and loaded into the free registry that is part of your project.
In the Add a deploy token of the Deploy Tokens section: -
The deploy token is only visible at this stage so take a copy of the Username and the Token, which is essentially the registry access password.
Armed with the Username and Token from above you can create a pull-secret string with the following shell commands: -
The resultant base-64 string (the
gitlab_pull_secret value) can now be used in a Kubernetes Secret as the
.dockerconfigjson value. The YAML example below is taken from an Ansible template, where the variable
gitlab_pull_secret is known.
To deploy a container image using the pull-secret you simply have to refer to it from your Deployment object. The following fragment from a Deployment illustrates the salient parts of the object that you need to provide.
You’ll see that the container
image is based on the name of the registry (i.e.
registry.gitlab.com), your GitLab organisation (or namespace) and project.