Kubernetes : Use Private Registry
2018/04/15
Configure Kubernetes to pull Docker images from your own private Docker Registry.
This example is based on the following environment.
-----------+---------------------------+--------------------------+------------
           |                           |                          |
       eth0|10.0.0.30              eth0|10.0.0.51             eth0|10.0.0.52
+----------+-----------+   +-----------+----------+   +-----------+----------+
|   [ dlp.srv.world ]  |   | [ node01.srv.world ] |   | [ node02.srv.world ] |
|      Master Node     |   |      Worker Node     |   |      Worker Node     |
+----------------------+   +----------------------+   +----------------------+

[1]  On the node where you want to run the private Registry Pod, run Docker Registry with authentication, as described in [1]-[4] of the Docker Registry setup. In this example, the Registry Pod is running on the Master Node.

[2]  Add a Secret in Kubernetes.

# log in to the Registry once
[root@dlp ~]# docker login dlp.srv.world:5000
Username: admin
Password:
Login Succeeded

# the following file is then generated
[root@dlp ~]# ll ~/.docker/config.json
-rw-------. 1 root root 82 Apr 15 12:53 /root/.docker/config.json

# BASE64 encode the file
[root@dlp ~]# cat ~/.docker/config.json | base64
ewoJImF1dGhzIjogewoJCSJkbHAuc3J2LndvcmxkOjUwMDAiOiB7CgkJCSJ...

[root@dlp ~]# vi regcred.yml
# create new
# put the BASE64 output above on a single line in the [.dockerconfigjson] field
apiVersion: v1
kind: Secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJkbHAuc3J2LndvcmxkOjUwMDAiOiB7CgkJCSJ...
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson

[root@dlp ~]# kubectl create -f regcred.yml
secret "regcred" created
[root@dlp ~]# kubectl get secrets
NAME                  TYPE                                  DATA      AGE
default-token-8gcdr   kubernetes.io/service-account-token   3         3d
regcred               kubernetes.io/dockerconfigjson        1         5m

[3]  To pull images from your own private Registry, specify the private image and the Secret when deploying Pods, as follows.

[root@dlp ~]# docker images dlp.srv.world:5000/nginx
REPOSITORY                 TAG       IMAGE ID       CREATED      SIZE
dlp.srv.world:5000/nginx   latest    b175e7467d66   6 days ago   109 MB

[root@dlp ~]# vi private-nginx.yml
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    # image on Private Registry
    image: dlp.srv.world:5000/nginx
  imagePullSecrets:
  # Secret name you added
  - name: regcred

[root@dlp ~]# kubectl create -f private-nginx.yml
pod "private-nginx" created
[root@dlp ~]# kubectl get pods
NAME            READY     STATUS    RESTARTS   AGE
private-nginx   1/1       Running   0          41s
[root@dlp ~]# kubectl describe pods private-nginx
Name:         private-nginx
Namespace:    default
Node:         node01.srv.world/10.0.0.51
Start Time:   Tue, 15 Apr 2018 13:33:21 +0900
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           10.244.1.11
Containers:
  private-nginx:
    Container ID:   docker://0e805ca076040e6a510b3a0520cb6c4593431484b32b4b6fb9bec2317026d076
    Image:          dlp.srv.world:5000/nginx
    Image ID:       docker-pullable://dlp.srv.world:5000/nginx@sha256:d903fe3076f89ad76afe1cb...
.....
.....
Events:
  Type    Reason        Age   From                       Message
  ----    ------        ----  ----                       -------
  Normal  Scheduled     1m    default-scheduler          Successfully assigned private-nginx to node01..
  Normal  Successful..  1m    kubelet, node01.srv.world  MountVolume.SetUp succeeded for volume "defau..
  Normal  Pulling       1m    kubelet, node01.srv.world  pulling image "dlp.srv.world:5000/nginx"
  Normal  Pulled        1m    kubelet, node01.srv.world  Successfully pulled image "dlp.srv.world:5000/nginx"
  Normal  Created       1m    kubelet, node01.srv.world  Created container
  Normal  Started       1m    kubelet, node01.srv.world  Started container
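
An added example, not part of the original page, that generalizes step [2]: it builds the same Secret manifest from the contents of config.json but copies only the entry for the one registry, rejects a config.json that holds no inline credentials, and decodes the result to show that the BASE64 value is readable by anyone who can read regcred.yml or the Secret. The function names and the sample logins are constructed for illustration.

```python
import base64
import json

def build_pull_secret(config_json, registry, name="regcred"):
    """Build a kubernetes.io/dockerconfigjson Secret manifest for one registry."""
    entry = json.loads(config_json).get("auths", {}).get(registry)
    if not entry or not entry.get("auth"):
        # With a credential helper (credsStore), docker login stores no inline
        # "auth" value, and a Secret built from that file cannot authenticate.
        raise ValueError("no inline credentials for %s" % registry)
    # Copy only the needed registry so other logins in config.json stay out
    # of the cluster.
    minimal = json.dumps({"auths": {registry: {"auth": entry["auth"]}}})
    encoded = base64.b64encode(minimal.encode()).decode()  # one line, no wrapping
    return "\n".join([
        "apiVersion: v1",
        "kind: Secret",
        "data:",
        "  .dockerconfigjson: " + encoded,
        "metadata:",
        "  name: " + name,
        "type: kubernetes.io/dockerconfigjson",
        "",
    ])

def decode_pull_secret(manifest):
    """Recover the docker config from a manifest; base64 is not encryption."""
    for line in manifest.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == ".dockerconfigjson":
            return json.loads(base64.b64decode(value))
    raise ValueError("manifest has no .dockerconfigjson field")

def registry_user(manifest, registry):
    """Return the username stored for the registry in the manifest."""
    auth = decode_pull_secret(manifest)["auths"][registry]["auth"]
    return base64.b64decode(auth).decode().split(":", 1)[0]

# Constructed sample config.json with two logins; all values are made up.
SAMPLE_CONFIG = json.dumps({"auths": {
    "dlp.srv.world:5000": {"auth": base64.b64encode(b"admin:constructed-pw").decode()},
    "other.example:5000": {"auth": base64.b64encode(b"ci:constructed-pw2").decode()},
}})

if __name__ == "__main__":
    manifest = build_pull_secret(SAMPLE_CONFIG, "dlp.srv.world:5000")
    print(manifest)
    print("user:", registry_user(manifest, "dlp.srv.world:5000"))
```

Because the manifest decodes back to the registry login, regcred.yml needs the same file permissions and handling as ~/.docker/config.json.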