pulling from private registry #141
Description
I’m using Kubedock as a sidecar in my GitLab CI pipeline, with the following configuration:
variables: TESTCONTAINERS_RYUK_DISABLED: "true" TESTCONTAINERS_KUBEDOCK_ENABLED: "true" TESTCONTAINERS_CHECKS_DISABLE: "true" TESTCONTAINERS_HUB_IMAGE_NAME_PREFIX: "private registry" DOCKER_HOST: "tcp://kubedock:2475" services: - name: joyrex2001/kubedock:latest alias: kubedock variables: KUBEDOCK_DEBUG: "true" command: - server - --namespace=xxxxxx - --timeout=10m - --reverse-proxy - --inspector - --disable-dind - --service-account=xxxx - --pod-name-prefix=kubedock - --image-pull-secrets=xxxxxx
This setup works fine with public images in Testcontainers.
However, when I use a private registry (e.g., private-registry/gvenzl/oracle-xe:slim-faststart), I get the following error:
Can't get Docker image: RemoteDockerImage(imageName=private registry/gvenzl/oracle-xe:slim-faststart, imagePullPolicy=DefaultPullPolicy(), imageNameSubstitutor=org.testcontainers.utility.ImageNameSubstitutor$LogWrappedImageNameSubstitutor@62d0ac62)
Caused by: com.github.dockerjava.api.exception.InternalServerErrorException: Status 500: {"message":"unable to retrieve auth token: invalid username/password: unknown: Authentication is required"},
Kubedock logs confirm that it received the correct parameters:
I0731 10:37:14.961896 1 main.go:29] kubedock 0.18.1-5-g6399f1d (20250428-195502) / kubedock.id=e9a9b82e6ff2
I0731 10:37:14.962447 1 main.go:110] kubernetes config: namespace=xxxxx, initimage=joyrex2001/kubedock:0.18.1, dindimage=joyrex2001/kubedock:0.18.1, ready timeout=10m0s, pull secrets=xxxxxx
I0731 10:37:14.962461 1 main.go:112] docker-in-docker support disabled
I0731 10:37:14.962942 1 main.go:167] reaper started with max container age 1h0m0s
I0731 10:37:14.963357 1 main.go:91] image inspector enabled
I0731 10:37:14.963373 1 main.go:101] enabled reverse-proxy services via 0.0.0.0 on the kubedock host
I0731 10:37:14.963959 1 main.go:133] default image pull policy: ifnotpresent
I0731 10:37:14.964209 1 main.go:136] service account used in deployments: xxxxxxxx
I0731 10:37:14.964229 1 main.go:139] pod name prefix: kubedock
I0731 10:37:14.964259 1 main.go:145] using namespace: xxxxxxx
[GIN] 2025/07/31 - 10:37:34 | 200 | 59.847µs | 127.0.0.1 | GET "/info"
[GIN] 2025/07/31 - 10:37:35 | 200 | 27.276µs | 127.0.0.1 | GET "/version"
[GIN] 2025/07/31 - 10:37:35 | 200 | 39.783µs | 127.0.0.1 | GET "/images/json"
E0731 10:37:35.279259 1 util.go:17] error during request[500]: unable to retrieve auth token: invalid username/password: unknown: Authentication is required
I’ve verified that:
- The secret exists in the same namespace
- The secret is of type kubernetes.io/dockerconfigjson
- The ServiceAccount used by Kubedock has the imagePullSecrets section:
Yet authentication still fails when pulling from the private registry.