Alex Dyas

Dyas Ex Machina

less than 1 minute read

I stumbled across a new to me reason for the irritating imagePullBackoff error in Kubernetes. Amongst the many well documented reasons this can happen, bad credentials, wrong path to container image etc, you should also check for wrong secret type.

A properly constructed secret for container registry authentication looks like this:

apiVersion: v1
kind: Secret
metadata:
  name: mygreatapp-registry-credentials
  namespace: mygreatapp
data:
  .dockerconfigjson: UmVhbGx5IHJlYWxseSByZWVlZWVlZWVlZWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFhYWxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGxsbGx5eXl5eXl5eXl5eXl5eXl5eXl5eSBsbGxsbGxsbGxsbGxsbG9vb29vb29vb29vb29vb29vb29vb29vb29vb25ubm5ubm5ubm5ubm5ubm5ubm5ubm5ubmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cgYXV0aCBrZXlzCg==
type: kubernetes.io/dockerconfigjson

Note the secret type. If you forget to define the correct type Kubernetes will not use the secret as authentication for the image pull.

You May Also Enjoy

vim - Remove carriage returns on save

less than 1 minute read

I’ve been copying and pasting a lot from Windows sessions into vim recently, and often I get carriage returns copied with the text. I save all my files in vi...

JQ - Create .dockerconfigjson file

less than 1 minute read

Use the jq tool to create a .dockerconfigjson file from existing details, including inline base64 encoding. Linux, bash style : export REGISTRY="theregistry"...