|
Kubernetes : Use Private Registry
2018/04/15 |
|
Use Docker Private Registry to pull Docker images from self Private Registry.
This example is based on the environment like follows.
-----------+---------------------------+--------------------------+------------
| | |
eth0|10.0.0.30 eth0|10.0.0.51 eth0|10.0.0.52
+----------+-----------+ +-----------+----------+ +-----------+----------+
| [ dlp.srv.world ] | | [ node01.srv.world ] | | [ node02.srv.world ] |
| Master Node | | Worker Node | | Worker Node |
+----------------------+ +----------------------+ +----------------------+
|
| [1] |
On the Node you'd like to run Private Registry Pod,
Run Docker Registry with authentication, refer to here of [1]-[4].
On this example, Registry Pod is runing on Master Node. |
| [2] | Add Secret in Kubernetes. |
|
# login to the Registry once [root@dlp ~]# docker login dlp.srv.world:5000 Username: admin Password: Login Succeeded # then following file is generated [root@dlp ~]# ll ~/.docker/config.json -rw-------. 1 root root 82 Apr 15 12:53 /root/.docker/config.json # BASE64 encode of the file [root@dlp ~]# cat ~/.docker/config.json | base64 ewoJImF1dGhzIjogewoJCSJkbHAuc3J2LndvcmxkOjUwMDAiOiB7CgkJCSJ...
[root@dlp ~]#
vi regcred.yml # create new # specify contents of BASE64 encoding above with one line for [.dockerconfigjson] section apiVersion: v1 kind: Secret data: .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJkbHAuc3J2LndvcmxkOjUwMDAiOiB7CgkJCSJ... metadata: name: regcred type: kubernetes.io/dockerconfigjson kubectl create -f regcred.yml secret "regcred" created [root@dlp ~]# kubectl get secrets NAME TYPE DATA AGE default-token-8gcdr kubernetes.io/service-account-token 3 3d regcred kubernetes.io/dockerconfigjson 1 5m |
| [3] | To pull images from self Private Registry, Specify private image and Secret when deploying pods like follows. |
|
[root@dlp ~]# docker images dlp.srv.world:5000/nginx REPOSITORY TAG IMAGE ID CREATED SIZE dlp.srv.world:5000/nginx latest b175e7467d66 6 days ago 109 MB
[root@dlp ~]#
vi private-nginx.yml
apiVersion: v1
kind: Pod
metadata:
name: private-nginx
spec:
containers:
- name: private-nginx
# image on Private Registry
image: dlp.srv.world:5000/nginx
imagePullSecrets:
# Secret name you added
- name: regcred
[root@dlp ~]#
[root@dlp ~]# kubectl create -f private-nginx.yml pod "private-nginx" created kubectl get pods NAME READY STATUS RESTARTS AGE private-nginx 1/1 Running 0 41s[root@dlp ~]# kubectl describe pods private-nginx
Name: private-nginx
Namespace: default
Node: node01.srv.world/10.0.0.51
Start Time: Tue, 15 Apr 2018 13:33:21 +0900
Labels: <none>
Annotations: <none>
Status: Running
IP: 10.244.1.11
Containers:
private-nginx:
Container ID: docker://0e805ca076040e6a510b3a0520cb6c4593431484b32b4b6fb9bec2317026d076
Image: dlp.srv.world:5000/nginx
Image ID: docker-pullable://dlp.srv.world:5000/nginx@sha256:d903fe3076f89ad76afe1cb...
.....
.....
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 1m default-scheduler Successfully assigned private-nginx to node01..
Normal Successful.. 1m kubelet, node01.srv.world MountVolume.SetUp succeeded for volume "defau..
Normal Pulling 1m kubelet, node01.srv.world pulling image "dlp.srv.world:5000/nginx"
Normal Pulled 1m kubelet, node01.srv.world Successfully pulled image "dlp.srv.world:5000/nginx"
Normal Created 1m kubelet, node01.srv.world Created container
Normal Started 1m kubelet, node01.srv.world Started container
|