Agile Snowball


Configuring Kubernetes with an image pull secret for GitHub Container Registry

By Richard Thombs on 11/11/2020

If you've got your containers hosted in the GitHub Container Registry or the GitHub Packages Docker Registry, then you'll need to configure Kubernetes with an "image pull secret" in order to authorise your cluster to access the registry.

If your GitHub repo is public then this isn't necessary for images in the GitHub Container Registry, but it is necessary if your images are in the GitHub Packages Docker Registry.

You can easily tell which registry you are using from the URL you've posted the images to: is the GitHub Packages Docker Registry and is the GitHub Container Registry.

1. Generate a GitHub Personal Access Token

Read the GitHub documentation on how to create a personal access token.

Make sure you give it "read:packages" permission and remove all other permissions

2. Create a Kubernetes secret

Creating secrets is documented here:

kubectl create secret docker-registry <SECRET NAME>
  --docker-username=<GITHUB USERNAME>
  --docker-password=<GITHUB TOKEN>
  --docker-email=<GITHUB EMAIL>

3. Add "ImagePullSecret" to your pod specification

  - name: <CONTAINER NAME>
    image:<CONTAINER PATH>
    - name: <SECRET NAME>