How can you use a private gitlab container registry to pull an image in kubernetes?

I have a private docker registry hosted on gitlab and I would like to use this repository to pull images for my local kubernetes cluster:

    NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
    service/kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   68m

K8s is on v1.22.5 and is a single-node cluster that comes 'out of the box' with Docker Desktop. I have already built and deployed an image to the gitlab container registry registry.gitlab.com. What I have done already:

  1. Executed the command docker login -u <username> -p <password> registry.gitlab.com
  2. Modified the ~/.docker/config.json file to the following:
    {
        "auths": {
            "registry.gitlab.com": {}
        },
        "credsStore": "osxkeychain"
    }
    
  3. Created and deployed a secret to the cluster with the file:
    apiVersion: v1
    kind: Secret
    metadata:
      name: registry-key
    data:
      .dockerconfigjson: <base-64-encoded-.config.json-file>
    type: kubernetes.io/dockerconfigjson
    
  4. Deployed an app with the following file:
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: test-deployment 
      labels:
        app: test-app
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: test-app
      template:
        metadata:
          labels:
            app: test-app
        spec:
          imagePullSecrets:
          - name: registry-key
          containers:
          - name: test-app
            image: registry.gitlab.com/<image-name>:latest
            imagePullPolicy: Always
            ports:
            - containerPort: 80
    

The deployment is created successfully but upon inspection of the pod (kubectl describe pod) I find the following events:

    Events:
      Type     Reason     Age               From               Message
      ----     ------     ----              ----               -------
      Normal   Scheduled  21s               default-scheduler  Successfully assigned default/test-deployment-87b5747b5-xdsl9 to docker-desktop
      Normal   BackOff    19s               kubelet            Back-off pulling image "registry.gitlab.com/<image-name>:latest"
      Warning  Failed     19s               kubelet            Error: ImagePullBackOff
      Normal   Pulling    7s (x2 over 20s)  kubelet            Pulling image "registry.gitlab.com/<image-name>:latest"
      Warning  Failed     7s (x2 over 19s)  kubelet            Failed to pull image "registry.gitlab.com/<image-name>:latest": rpc error: code = Unknown desc = Error response from daemon: Head "https://registry.gitlab.com/v2/<image-name>/manifests/latest": denied: access forbidden
      Warning  Failed     7s (x2 over 19s)  kubelet            Error: ErrImagePull

Please provide any information that might be causing these errors.



Solution 1:[1]

What password do you use?

Confirm if you are using a Personal Access Token with read/write access to the container registry. Your username should be the gitlab username. I would suggest creating the docker registry secret using kubectl and a txt file with the token as the content; this way you do not have to encode the dockerconfigjson yourself. Here is an example.

$ kubectl create secret docker-registry registry-key \
  --docker-server=registry.gitlab.com \
  --docker-username=<username> \
  --docker-password="$(cat /path/to/token.txt)"

See documentation on the command here
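
An added example, not part of the original question or answer: a check that decodes a `.dockerconfigjson` Secret value and reports whether it actually carries credentials for the registry. The config.json shown in the question has an empty `registry.gitlab.com` entry because `credsStore` keeps the login in the macOS keychain, so a Secret built from that file contains nothing the kubelet can send. The function and sample names are hypothetical, and the username and token are placeholders.

```python
import base64
import json


def audit_dockerconfigjson(b64_value, registry):
    """Return reasons this Secret value cannot authenticate to `registry` ([] = ok)."""
    try:
        cfg = json.loads(base64.b64decode(b64_value, validate=True))
    except ValueError as exc:  # invalid base64, encoding, or JSON
        return [f"not base64-encoded JSON: {exc}"]
    auths = cfg.get("auths") if isinstance(cfg, dict) else None
    if not isinstance(auths, dict):
        return ["no 'auths' object in the config"]
    # Simplification: exact host match after dropping the scheme; the
    # kubelet's own matching of registry keys is more permissive.
    by_host = {k.split("://", 1)[-1].rstrip("/"): v for k, v in auths.items()}
    if registry not in by_host:
        return [f"no auths entry for {registry}"]
    entry = by_host[registry] or {}
    problems = []
    if entry.get("auth"):
        try:  # 'auth' is base64("username:password")
            user, _, secret = base64.b64decode(entry["auth"]).decode().partition(":")
        except ValueError:
            user = secret = ""
        if not (user and secret):
            problems.append("'auth' does not decode to username:password")
    elif not (entry.get("username") and entry.get("password")):
        problems.append(f"auths entry for {registry} holds no credentials")
        if cfg.get("credsStore"):
            problems.append(f"credsStore '{cfg['credsStore']}' keeps them in a "
                            "workstation helper the kubelet cannot call")
    return problems


def encode(cfg):  # builds the constructed sample values below
    return base64.b64encode(json.dumps(cfg).encode()).decode()


# Constructed sample 1: the config.json from the question.
FROM_KEYCHAIN = encode({"auths": {"registry.gitlab.com": {}},
                        "credsStore": "osxkeychain"})
# Constructed sample 2: an entry with inline credentials (placeholders).
INLINE = encode({"auths": {"registry.gitlab.com": {
    "auth": base64.b64encode(b"example-user:example-token").decode()}}})

if __name__ == "__main__":
    for name, value in (("keychain", FROM_KEYCHAIN), ("inline", INLINE)):
        print(name, audit_dockerconfigjson(value, "registry.gitlab.com") or "ok")
```

To check a deployed Secret, pass in the output of kubectl get secret registry-key -o jsonpath='{.data.\.dockerconfigjson}' as the first argument.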

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 OzzieFZI