Debian 10 Buster

Kubernetes : Use Private Registry (2019/08/26)

 
Use a private Docker Registry so that Kubernetes pulls Docker images from your own registry.
This example is based on the following environment.
-----------+---------------------------+--------------------------+------------
           |                           |                          |
       eth0|10.0.0.30              eth0|10.0.0.51             eth0|10.0.0.52
+----------+-----------+   +-----------+----------+   +-----------+----------+
|   [ dlp.srv.world ]  |   | [ node01.srv.world ] |   | [ node02.srv.world ] |
|      Master Node     |   |      Worker Node     |   |      Worker Node     |
+----------------------+   +----------------------+   +----------------------+

[1]
On the Node where you'd like to run the Private Registry Pod, run Docker Registry with authentication enabled; refer to steps [1]-[4] of the Docker Registry setup page.
In this example, the Registry Pod is running on the Master Node.
[2] Add the registry credentials to Kubernetes as a Secret.
# log in to the Registry once

root@dlp:~#
docker login dlp.srv.world:5000

Username:
admin

Password:
Login Succeeded
# the following file is then generated (it holds the registry credentials; note that it is readable by its owner only)

root@dlp:~#
ll ~/.docker/config.json

-rw------- 1 root root 152 Aug 26 13:42 /root/.docker/config.json
# BASE64-encode the file (BASE64 is an encoding, not encryption: anyone who sees the output can decode the credentials)

root@dlp:~#
cat ~/.docker/config.json | base64

ewoJImF1dGhzIjogewoJCSJkb.....
root@dlp:~#
vi regcred.yml
# create new

# paste the BASE64 output from above as a single line into the [.dockerconfigjson] field
# (GNU base64 wraps its output at 76 columns by default; [base64 -w 0] prints it on one line)

# Secret that holds the Docker client configuration (registry credentials)
# used for image pulls. No namespace is set, so kubectl creates it in the
# current namespace.
apiVersion: v1
kind: Secret
data:
  # BASE64 of ~/.docker/config.json on a single line. Values under "data" are
  # only encoded, not encrypted: anyone who can read this Secret or this file
  # can recover the registry username and password, so restrict access to both.
  .dockerconfigjson: ewoJImF1dGhzIjogewoJ.....
metadata:
  name: regcred
# This type requires the ".dockerconfigjson" key above.
type: kubernetes.io/dockerconfigjson

root@dlp:~#
kubectl create -f regcred.yml

secret "regcred" created
root@dlp:~#
kubectl get secrets

NAME                  TYPE                                  DATA   AGE
default-token-tmkxz   kubernetes.io/service-account-token   3      135m
regcred               kubernetes.io/dockerconfigjson        1      7s
[3] To pull images from your own Private Registry, specify the private image and the Secret when deploying Pods, as follows.
root@dlp:~#
docker images dlp.srv.world:5000/nginx

REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
dlp.srv.world:5000/nginx   latest              5a3221f0137b        10 days ago         126MB

root@dlp:~#
vi private-nginx.yml
# Pod that runs an image pulled from the private registry.
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    # Image on the Private Registry. No tag is given, so the "latest" tag is
    # pulled; pinning a tag or digest makes it explicit which image runs.
    image: dlp.srv.world:5000/nginx
  imagePullSecrets:
  # Name of the Secret added in step [2]. It must exist in the same
  # namespace as this Pod to be used for the image pull.
  - name: regcred

root@dlp:~#
kubectl create -f private-nginx.yml

pod "private-nginx" created
root@dlp:~#
kubectl get pods

NAME            READY   STATUS    RESTARTS   AGE
private-nginx   1/1     Running   0          6s

root@dlp:~#
kubectl describe pods private-nginx

Name:         private-nginx
Namespace:    default
Priority:     0
Node:         node02.srv.world/10.0.0.52
Start Time:   Mon, 26 Aug 2019 13:46:41 +0900
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           10.244.2.6
Containers:
  private-nginx:
    Container ID:   docker://91cb9af6c062e34fee66f0c1dbbdec41d934b5cf18e0db0b47837a26bbcba52f
    Image:          dlp.srv.world:5000/nginx
.....
.....
Events:
  Type    Reason     Age   From                       Message
  ----    ------     ----  ----                       -------
  Normal  Scheduled  42s   default-scheduler          Successfully assigned default/private-nginx to node02.srv.world
  Normal  Pulling    41s   kubelet, node02.srv.world  Pulling image "dlp.srv.world:5000/nginx"
  Normal  Pulled     41s   kubelet, node02.srv.world  Successfully pulled image "dlp.srv.world:5000/nginx"
  Normal  Created    41s   kubelet, node02.srv.world  Created container private-nginx
  Normal  Started    40s   kubelet, node02.srv.world  Started container private-nginx