I now have Harbor image registry configured.. How can I pull images from Harbor registry on Kubernetes / OpenShift with a pull secret?. Harbor is a CNCF certified project which aids in storage of OCI images and Helm charts. As Harbor provides authentication system and RBAC, you’ll likely have to add a pull secret for a user or robot account in your Kubernetes or OpenShift Cluster.

Step 1: Login to Harbor on Workstation with docker / podman

Start by logging in to your Harbor registry from Docker CLI or Podman CLI. If your registry is on a custom port, e.g 5000, then your URL will be like myregistry.example.com:5000.

If your Harbor registry is not secure. Add it to the list of insecure registries.

--- Podman ---
$ sudo vim /etc/containers/registries.conf
registries = ['myregistry.example.com']

--- Docker ---
$ sudo vim /etc/docker/daemon.json
  "insecure-registries" : ["myregistry.example.com"]
$ sudo systemctl restart docker
$ docker info

Docker Login:

$ docker login myregistry.example.com
Username: jkmutai
Login Succeeded!

Podman Login:

$ docker login myregistry.example.com
Username: jkmutai
Login Succeeded!

Docker will store your registry access information under ~/.docker/config.json.

$ cat ~/.docker/config.json

While Podman stores then under /run/user/UserID/containers/auth.json

$ cat /run/user/`id -u`/containers/auth.json

You may need to copy the access credentials in json format to the server with kubectl or oc command.

Step 2: Add Harbor registry Secret to Kubernetes / OpenShift

Next we need to add the access details for Harbor registry as secret in Kubernetes/OpenShift.

kubectl create secret generic harbor-registry-secret \
    --from-file=.dockerconfigjson=./harbor-k8s.json \
    --type=kubernetes.io/dockerconfigjson \
    -n demo


  • ./harbor-k8s.json is the path to your Docker/Podman json file. Change it accordingly.
  • demo is the name of the namespace where the secret is to be created

Confirm secret creation:

$ oc get secrets harbor-registry-secret
NAME                     TYPE                             DATA   AGE
harbor-registry-secret   kubernetes.io/dockerconfigjson   1      30s

If you ever want to decrypt added secret to confirm values, you can use the command:

kubectl get secret harbor-registry-secret \
  --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode

Step 3: Confirm you can deploy Application from image in Harbor registry

Upload an image to Harbor registry – You’ll need to first create a project in harbor.

$ podman pull docker.io/jmutai/kuard-amd64:blue
$ podman tag docker.io/jmutai/kuard-amd64:blue myregistry.example.com/myproject/kuard-amd64:blue
$ docker push myregistry.example.com/myproject/kuard-amd64:blue
Getting image source signatures
Copying blob bcf2f368fe23 done
Copying blob 656e9c47289e done
Copying config 1db936caa6 done
Writing manifest to image destination
Storing signatures


  • myregistry.example.com is harbor registry URL
  • myproject is the project the added user has access to

Create a Pod deployment manifest for Kubernetes.

$ vim kuard-pod-health.yaml
apiVersion: v1
kind: Pod
  name: kuard
  - name: harbor-registry-secret
    - name: kuard
      image: myregistry.example.com/myproject/kuard-amd64:blue
        - containerPort: 8080
          name: http
          protocol: TCP
          cpu: "500m"
          memory: "128Mi"
          cpu: "500m"
          memory: "256Mi"

Create a Pod.

$ kubectl apply -f kuard-pod-health.yaml -n <namespace>
pod/kuard created

Confirm deployment was successful.

$ kubectl get pod -n <namespace>
NAME                          READY   STATUS    RESTARTS   AGE
kuard                         1/1     Running   0          2m18s

If the pod is not created, check events to understand why.

$ kubectl describe pod <podname> <namespace>

OpenShift Courses:

Practical OpenShift for Developers – New Course 2021

Ultimate Openshift (2021) Bootcamp by School of Devops

More guides on Image registries:

Install Harbor Image Registry on Kubernetes / OpenShift with Helm Chart

How To Allow Insecure Registries in OpenShift / OKD 4.x Cluster

Configure Active Directory (AD) Authentication for Harbor Registry

How To Integrate Harbor Registry With LDAP for user Authentication

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


Please enter your comment!
Please enter your name here