GitHub had announced a major feature on their platform which is GitHub packages. As well as hosting private npm or NuGet registries, GitHub packages also includes private docker registries. If you use GitHub for hosting your private project, it might make sense to use the private docker registry from GitHub.

Private Registry Authentication

Login to docker from your workstation with the personal access token. You can find out more details about GitHub packages, and specifically about the token permissions.

cat ~/gh-do-package.txt | docker login -u USERNAME --password-stdin

Replace USERNAME with your GitHub username.

If you can see an auth key with your base64 encoded value, then create a Kubernetes secret value.

kubectl create secret generic ghregcred \
    --from-file=.dockerconfigjson=<path/to/.docker/config.json> \

In my case however, the value is not available as I am using the credStore. Therefore, I will have to create the secret using the command:

kubectl create secret docker-registry ghregcred \ \
    --docker-username=<your-name> \
    --docker-password=<your-pword> \


  • <your-name> is your GitHub username.
  • <your-pword> is your GitHub personal access token.
  • <your-email> is your GitHub email.

You can inspect the value that was created with:

kubectl get secret ghregcred --output=yaml

The output is similar to this:

apiVersion: v1
kind: Secret
    name: ghregcred
    .dockerconfigjson: eyJodHRwczovL2luZGV4L ... J0QUl6RTIifX0=

Read more about inspecting the secret.

Create a Deployment that uses the secret

Create a deployment.yaml file as below with the USERNAME, REPOSITORY and mysecret values replaced with the appropriate ones making sure the indentation for imagePullSecrets matches.

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
  name: mysecret-deployment
      app: mysecret
  replicas: 1 # tells deployment to run 1 pod matching the template
        app: mysecret
      - name: mysecret
        - containerPort: 8080
      - name: ghregcred

Run the kubectl apply command pointing to the file.

 kubectl apply -f ./deployment.yaml

Display information about the Deployment:

 kubectl describe deployment mysecret-deployment

Tip: You can verify that the pod is deployed correct if its a web application by using kube-proxy. Follow the url pattern http://localhost:8001/api/v1/namespaces/xxx/pods/mysecret-deployment-xxx:/proxy/


You can follow the same steps to setup private docker registry authentication for any registries that support docker’s login protocol. All I did was put together various docs already available; together.