CentOS Stream 10

Kubernetes : Use Private Registry

2025/01/27

 

Configure Kubernetes to pull container images from your own Private Registry.

This example is based on the following environment.

+----------------------+   +----------------------+
|  [ ctrl.srv.world ]  |   |   [ dlp.srv.world ]  |
|     Manager Node     |   |     Control Plane    |
+-----------+----------+   +-----------+----------+
        eth0|10.0.0.25             eth0|10.0.0.30
            |                          |
------------+--------------------------+-----------
            |                          |
        eth0|10.0.0.51             eth0|10.0.0.52
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Worker Node#1    |   |     Worker Node#2    |
+----------------------+   +----------------------+

[1]

On the node where you'd like to run the Private Registry Pod,
configure the Registry with basic authentication and an HTTPS connection (with a valid certificate), refer to here.
In this example, the Registry Pod runs on the Manager Node.

[2] Add a Secret to Kubernetes.
# log in to the Registry once with a user account

[centos@ctrl ~]$
podman login ctrl.srv.world:5000

Username:
serverworld

Password:
Login Succeeded!
# then the following file is generated

[centos@ctrl ~]$
ll /run/user/$(id -u)/containers/auth.json

-rw-------. 1 centos centos 91 Jul 4 08:52 /run/user/1000/containers/auth.json
[centos@ctrl ~]$
AUTH=$(cat /run/user/$(id -u)/containers/auth.json | base64 | tr -d '\n')

[centos@ctrl ~]$ cat <<EOF > regcred.yml
apiVersion: v1
kind: Secret
data:
  .dockerconfigjson: ${AUTH}
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson
EOF

[centos@ctrl ~]$
kubectl apply -f regcred.yml

secret "regcred" created
[centos@ctrl ~]$
kubectl get secrets

NAME      TYPE                             DATA   AGE
regcred   kubernetes.io/dockerconfigjson   1      6s
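
The step above base64-encodes the whole auth.json, so every registry login stored in that file ends up in the Secret. The following is an added example, not part of the original page: a Python helper (build_regcred is a hypothetical name) that keeps only the entry for one registry and emits the same kind of Secret as JSON. The sample auth.json and its passwords are constructed.

```python
import base64
import json


def build_regcred(auth_json_text, registry, name="regcred"):
    """Return a Secret manifest (JSON text) holding credentials for one registry only."""
    auths = json.loads(auth_json_text).get("auths", {})
    if registry not in auths:
        raise KeyError(f"no login entry for {registry}; run 'podman login {registry}' first")
    entry = auths[registry]
    # "auth" is base64("user:password"); check that it decodes before sending it to the cluster
    user, sep, _password = base64.b64decode(entry["auth"]).decode().partition(":")
    if not sep or not user:
        raise ValueError(f"malformed auth entry for {registry}")
    # keep only the requested registry so unrelated logins never reach the cluster
    docker_config = json.dumps({"auths": {registry: {"auth": entry["auth"]}}})
    manifest = {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(docker_config.encode()).decode()},
    }
    return json.dumps(manifest, indent=2)


# Constructed sample auth.json with two logins (credentials are made up)
SAMPLE_AUTH = json.dumps({"auths": {
    "ctrl.srv.world:5000": {"auth": base64.b64encode(b"serverworld:example-password").decode()},
    "docker.io": {"auth": base64.b64encode(b"someone:other-secret").decode()},
}})

if __name__ == "__main__":
    # On a real host, pass the contents of /run/user/$(id -u)/containers/auth.json instead
    print(build_regcred(SAMPLE_AUTH, "ctrl.srv.world:5000"))
```

The printed JSON can be passed to kubectl apply -f - in place of regcred.yml.
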
[3] To pull images from your own Private Registry, specify the private image and the Secret when deploying Pods, as follows.
[centos@ctrl ~]$
podman images

REPOSITORY                 TAG          IMAGE ID      CREATED     SIZE
ctrl.srv.world:5000/nginx  my-registry  9592f5595f2b  9 days ago  196 MB
docker.io/library/nginx    latest       9592f5595f2b  9 days ago  196 MB

[centos@ctrl ~]$
vi private-nginx.yml
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    # image on Private Registry
    image: ctrl.srv.world:5000/nginx:my-registry
  imagePullSecrets:
  # Secret name you added
  - name: regcred

[centos@ctrl ~]$
kubectl create -f private-nginx.yml

pod "private-nginx" created
[centos@ctrl ~]$
kubectl get pods

NAME            READY   STATUS    RESTARTS   AGE
private-nginx   1/1     Running   0          7s

[centos@ctrl ~]$
kubectl describe pods private-nginx

Name:             private-nginx
Namespace:        default
Priority:         0
Service Account:  default
Node:             node02.srv.world/10.0.0.52
Start Time:       Fri, 04 Jul 2025 08:55:32 +0900
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: 677ec70ad374af53ba270fd1d5b7b80416353d1350a2bf0f7098e32f454d781a
                  cni.projectcalico.org/podIP: 192.168.241.135/32
                  cni.projectcalico.org/podIPs: 192.168.241.135/32
Status:           Running
IP:               192.168.241.135
IPs:
  IP:  192.168.241.135
Containers:
  private-nginx:
    Container ID:   cri-o://f08b8fa09701fcf10dac82533722cdbaff2448059e0fb7c5fba463987de49ce6
    Image:          ctrl.srv.world:5000/nginx:my-registry
    Image ID:       ctrl.srv.world:5000/nginx@sha256:13920fe73b382aa9017f7cf38b1377bc46ffb605fe980eb00f61aad26311ebf7
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Fri, 04 Jul 2025 08:55:33 +0900
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-fmqwz (ro)
.....
.....