Kubernetes : Use Private Registry2025/05/20 |
Configure Private Registry to pull container images from self Private Registry. This example is based on the environment like follows. +----------------------+ +----------------------+ | [ ctrl.srv.world ] | | [ dlp.srv.world ] | | Manager Node | | Control Plane | +-----------+----------+ +-----------+----------+ eth0|10.0.0.25 eth0|10.0.0.30 | | ------------+--------------------------+----------- | | eth0|10.0.0.51 eth0|10.0.0.52 +-----------+----------+ +-----------+----------+ | [ node01.srv.world ] | | [ node02.srv.world ] | | Worker Node#1 | | Worker Node#2 | +----------------------+ +----------------------+ |
[1] |
On a Node you'd like to run Private Registry Pod, |
[2] | Add Secret in Kubernetes. |
# login to the Registry once with a user [cent@ctrl ~]$ podman login ctrl.srv.world:5000 Username: serverworld Password: Login Succeeded! # then following file is generated [cent@ctrl ~]$ ll /run/user/$(id -u)/containers/auth.json -rw-------. 1 cent cent 91 May 20 13:12 /run/user/1000/containers/auth.json AUTH=$(cat /run/user/$(id -u)/containers/auth.json | base64 | tr -d '\n')
[cent@ctrl ~]$ cat <<EOF > regcred.yml
apiVersion: v1
kind: Secret
data:
.dockerconfigjson: ${AUTH}
metadata:
name: regcred
type: kubernetes.io/dockerconfigjson
EOF
[cent@ctrl ~]$ kubectl apply -f regcred.yml secret "regcred" created [cent@ctrl ~]$ kubectl get secrets NAME TYPE DATA AGE regcred kubernetes.io/dockerconfigjson 1 5s |
[3] | To pull images from self Private Registry, Specify private image and Secret when deploying pods like follows. |
[cent@ctrl ~]$ podman images REPOSITORY TAG IMAGE ID CREATED SIZE ctrl.srv.world:5000/nginx my-registry a830707172e8 4 weeks ago 197 MB docker.io/library/nginx latest a830707172e8 4 weeks ago 197 MB
[cent@ctrl ~]$
vi private-nginx.yml apiVersion: v1 kind: Pod metadata: name: private-nginx spec: containers: - name: private-nginx # image on Private Registry image: ctrl.srv.world:5000/nginx:my-registry imagePullSecrets: # Secret name you added - name: regcred
[cent@ctrl ~]$
[cent@ctrl ~]$ kubectl create -f private-nginx.yml pod "private-nginx" created kubectl get pods NAME READY STATUS RESTARTS AGE private-nginx 1/1 Running 0 5s[cent@ctrl ~]$ kubectl describe pods private-nginx Name: private-nginx Namespace: default Priority: 0 Service Account: default Node: node01.srv.world/10.0.0.51 Start Time: Tue, 20 May 2025 13:16:29 +0900 Labels: <none> Annotations: cni.projectcalico.org/containerID: 47baf590e146fba139f9431e35dea72e04d49323f496341ebdfcb5bc387bfd92 cni.projectcalico.org/podIP: 192.168.40.204/32 cni.projectcalico.org/podIPs: 192.168.40.204/32 Status: Running IP: 192.168.40.204 IPs: IP: 192.168.40.204 Containers: private-nginx: Container ID: cri-o://af0370323e7b99d1b09f01a2ffed2a39a3f750bd0fbbfc0ffe35f09d9ca24502 Image: ctrl.srv.world:5000/nginx:my-registry Image ID: ctrl.srv.world:5000/nginx@sha256:82e6a071627fc52d9777dcc8696d3934969250fd219ea88906104b25165cb136 Port: <none> Host Port: <none> State: Running Started: Tue, 20 May 2025 13:16:30 +0900 Ready: True Restart Count: 0 Environment: <none> Mounts: /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-f7kxn (ro) ..... ..... |
Sponsored Link |
|