Ubuntu 26.04

Kubernetes : Use Private Registry

2026/05/14

Configure Kubernetes to pull container images from your own Private Registry.

This example is based on the following environment.

+----------------------+   +----------------------+
|  [ ctrl.srv.world ]  |   |   [ dlp.srv.world ]  |
|     Manager Node     |   |     Control Plane    |
+-----------+----------+   +-----------+----------+
        eth0|10.0.0.25             eth0|10.0.0.30
            |                          |
------------+--------------------------+-----------
            |                          |
        eth0|10.0.0.51             eth0|10.0.0.52
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Worker Node#1    |   |     Worker Node#2    |
+----------------------+   +----------------------+

[1] On the Node where you'd like to run the Private Registry Pod, configure the Registry with basic authentication and an HTTPS connection (with a valid certificate), refer to here.
In this example, the Registry Pod is running on the Manager Node.

[2] Add a Secret in Kubernetes.

# log in to the Registry once with a user
ubuntu@ctrl:~$ podman login ctrl.srv.world:5000
Username: serverworld
Password:
Login Succeeded!

# the following file is then generated
ubuntu@ctrl:~$ ll /run/user/$(id -u)/containers/auth.json
-rw------- 1 ubuntu ubuntu 91 May 14 00:22 /run/user/1000/containers/auth.json

ubuntu@ctrl:~$ AUTH=$(cat /run/user/$(id -u)/containers/auth.json | base64 | tr -d '\n')

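# create the Secret manifest; regcred.yml holds the registry credentials base64-encoded, not encrypted
ubuntu@ctrl:~$ cat <<EOF > regcred.yml
apiVersion: v1
kind: Secret
data:
  .dockerconfigjson: ${AUTH}
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson
EOF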

ubuntu@ctrl:~$ kubectl apply -f regcred.yml
secret "regcred" created

ubuntu@ctrl:~$ kubectl get secrets
NAME      TYPE                             DATA   AGE
regcred   kubernetes.io/dockerconfigjson   1      6s

[3] To pull images from your own Private Registry, specify the private image and the Secret when deploying Pods, as follows.

ubuntu@ctrl:~$ podman images
REPOSITORY                 TAG          IMAGE ID      CREATED      SIZE
ctrl.srv.world:5000/nginx  my-registry  6f8edba05e38  5 hours ago  165 MB
docker.io/library/nginx    latest       6f8edba05e38  5 hours ago  165 MB

ubuntu@ctrl:~$ vi private-nginx.yml
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    # image on Private Registry
    image: ctrl.srv.world:5000/nginx:my-registry
  imagePullSecrets:
  # Secret name you added
  - name: regcred

ubuntu@ctrl:~$ kubectl create -f private-nginx.yml
pod "private-nginx" created

ubuntu@ctrl:~$ kubectl get pods
NAME            READY   STATUS    RESTARTS   AGE
private-nginx   1/1     Running   0          7s

ubuntu@ctrl:~$ kubectl describe pods private-nginx
Name:             private-nginx
Namespace:        default
Priority:         0
Service Account:  default
Node:             node02.srv.world/10.0.0.52
Start Time:       Thu, 14 May 2026 00:28:19 +0000
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: bb1935f091a668a7afbca55edfd6663c730b87b036494565d215d328a06b9ef0
                  cni.projectcalico.org/podIP: 192.168.241.135/32
                  cni.projectcalico.org/podIPs: 192.168.241.135/32
Status:           Running
IP:               192.168.241.135
IPs:
  IP:  192.168.241.135
Containers:
  private-nginx:
    Container ID:   containerd://0f5ee033c68b31bd85d3d7bfbf5a91b2990c070064b24749b91991c43d4c15ae
    Image:          ctrl.srv.world:5000/nginx:my-registry
    Image ID:       ctrl.srv.world:5000/nginx@sha256:677c0961a1ee18a593b13131a2343c885d2a5bbc93d3424494d0d10bbd886883
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Thu, 14 May 2026 00:28:20 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xxx4f (ro)
Conditions:
  Type                        Status
  PodReadyToStartContainers   True
  Initialized                 True
  Ready                       True
  ContainersReady             True
  PodScheduled                True
Volumes:
  kube-api-access-xxx4f:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    Optional:                false
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  14s   default-scheduler  Successfully assigned default/private-nginx to node02.srv.world
  Normal  Pulling    14s   kubelet            spec.containers{private-nginx}: Pulling image "ctrl.srv.world:5000/nginx:my-registry"
  Normal  Pulled     14s   kubelet            spec.containers{private-nginx}: Successfully pulled image "ctrl.srv.world:5000/nginx:my-registry" in 64ms (64ms including waiting). Image size: 63079439 bytes.
  Normal  Created    14s   kubelet            spec.containers{private-nginx}: Container created
  Normal  Started    14s   kubelet            spec.containers{private-nginx}: Container started
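
Added example (not part of the original page): a Python check that the payload stored in .dockerconfigjson in [2] carries credentials for the registry named in the Pod's image in [3], since a key in auth.json that does not match that host and port leaves the pull unauthenticated. The function names and the sample password are constructed for illustration, and the exact host[:port] match is a simplification of what kubelet accepts.

```python
import base64
import json


def registry_of(image):
    """Registry host[:port] of an image reference (docker.io when none is given)."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def check_pull_secret(b64_data, image):
    """Check that a .dockerconfigjson payload can authenticate pulls of `image`.

    Returns (ok, username, problem); the password is never returned.
    """
    try:
        cfg = json.loads(base64.b64decode(b64_data, validate=True))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False, None, "payload is not base64-encoded JSON"
    auths = cfg.get("auths") if isinstance(cfg, dict) else None
    if not isinstance(auths, dict):
        return False, None, "no 'auths' object in the config"
    registry = registry_of(image)
    # Simplification (assumption): exact host[:port] match after dropping a URL scheme.
    by_host = {k.split("://", 1)[-1].rstrip("/"): v for k, v in auths.items()}
    entry = by_host.get(registry)
    if not isinstance(entry, dict) or "auth" not in entry:
        return False, None, f"no credentials for {registry}; found {sorted(by_host)}"
    try:
        decoded = base64.b64decode(entry["auth"], validate=True).decode()
    except (ValueError, TypeError):
        return False, None, "'auth' field is not valid base64"
    user, sep, _password = decoded.partition(":")
    if not sep or not user:
        return False, None, "'auth' does not decode to user:password"
    return True, user, None


def constructed_payload(registry_key):
    # Constructed sample in the shape podman writes to auth.json, encoded as in [2].
    auth = base64.b64encode(b"serverworld:constructed-password").decode()
    doc = {"auths": {registry_key: {"auth": auth}}}
    return base64.b64encode(json.dumps(doc).encode()).decode()


if __name__ == "__main__":
    image = "ctrl.srv.world:5000/nginx:my-registry"
    print(check_pull_secret(constructed_payload("ctrl.srv.world:5000"), image))
    print(check_pull_secret(constructed_payload("ctrl.srv.world"), image))
```

On a live cluster the payload to pass in is the output of kubectl get secret regcred -o jsonpath='{.data.\.dockerconfigjson}'.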