无法将Docker镜像从Google Container Registry中拉入Kubernetes Pod

Question

I have read this question and this one , and created my Kubernetes secret for Google Container Registry using a service account JSON key with project: owner and viewer permissions. I have also verified that the image does in fact exist in Google Container Registry by going to the console.

I have also read this document .

When I run:

minikube dashboard

And then from the user interface, I click the "+" sybmol, specify the URL of my image like this:

project-123456/bot-image

then click on 'advanced options' and specify the Secret that was imported.

After a few seconds I see this error:

Error: Status 403 trying to pull repository project-123456/bot-image: "Unable to access the repository: project-123456/bot-image; please verify that it exists and you have permission to access it (no valid credential was supplied)."

If I look at what's inside the Secret file (.dockerconfigjson), it's like: {" https://us.gcr.io ": {"email": "admin@domain.com", "auth": "longtexthere"}}

What could be the issue?

Answer 1

The json needs to have a top level "{auths": json key from:

Creating image pull secret for google container registry that doesn't expire?

So the json should be structured like:

{"auths":{"https://us.gcr.io": {"email": "admin@domain.com", "auth": "longtexthere"}}}

If you are still having issues, you can alternatively download the latest version of minikube (0.17.1) and run minikube addons configure registry-creds following the prompts there to setup creds then run minikube addons enable registry-creds

Now you should be able to pull down pods from GCR using a yaml structured like this:

apiVersion: v1
kind: Pod
metadata:
  name: foo
  namespace: default
spec:
  containers:
    - image: gcr.io/example-vm/helloworld:latest
      name: foo

EDIT: 6/13/2018 updating the commands to reflect comment by @Rambatino