Kubernetes : Use Private Registry
2024/06/07
Configure a Private Registry so that Kubernetes pulls container images from your own registry. This example is based on the following environment.
+----------------------+   +----------------------+
|  [ ctrl.srv.world ]  |   |   [ dlp.srv.world ]  |
|     Manager Node     |   |     Control Plane    |
+-----------+----------+   +-----------+----------+
        eth0|10.0.0.25             eth0|10.0.0.30
            |                          |
------------+--------------------------+-----------
            |                          |
        eth0|10.0.0.51             eth0|10.0.0.52
+-----------+----------+   +-----------+----------+
| [ node01.srv.world ] |   | [ node02.srv.world ] |
|     Worker Node#1    |   |     Worker Node#2    |
+----------------------+   +----------------------+

[1] On a Node you'd like to run Private Registry Pod,

[2] Add Secret in Kubernetes.

# login to the Registry once with a user
root@ctrl:~# podman login ctrl.srv.world:5000
Username: serverworld
Password:
Login Succeeded!

# following file is generated
root@ctrl:~# ll /run/user/0/containers/auth.json
-rw------- 1 root root 91 Jun 7 04:06 /run/user/0/containers/auth.json

# BASE64 encode of the file
root@ctrl:~# cat /run/user/0/containers/auth.json | base64
ewoJImF1dGhzIjogewoJCSJjdHJsLnN.....

root@ctrl:~# vi regcred.yml
# create new
# specify contents of BASE64 encoding above with one line for [.dockerconfigjson] section
apiVersion: v1
kind: Secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJjdHJsLnNy.....
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson

root@ctrl:~# kubectl create -f regcred.yml
secret "regcred" created
root@ctrl:~# kubectl get secrets
NAME      TYPE                             DATA   AGE
regcred   kubernetes.io/dockerconfigjson   1      4s

[3] To pull images from your own Private Registry, specify the private image and the Secret when deploying Pods, as follows.

root@ctrl:~# podman images
REPOSITORY                 TAG          IMAGE ID      CREATED             SIZE
ctrl.srv.world:5000/nginx  my-registry  8cc89f55a4af  About a minute ago  126 MB
srv.world/ubuntu-nginx     latest       8cc89f55a4af  About a minute ago  126 MB
docker.io/library/ubuntu   latest       17c0145030df  7 days ago          78.7 MB

root@ctrl:~# vi private-nginx.yml
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    # image on Private Registry
    image: ctrl.srv.world:5000/nginx:my-registry
  imagePullSecrets:
  # Secret name you added
  - name: regcred

root@ctrl:~# kubectl create -f private-nginx.yml
pod "private-nginx" created
root@ctrl:~# kubectl get pods
NAME            READY   STATUS    RESTARTS   AGE
private-nginx   1/1     Running   0          11s

root@ctrl:~# kubectl describe pods private-nginx
Name:             private-nginx
Namespace:        default
Priority:         0
Service Account:  default
Node:             node02.srv.world/10.0.0.52
Start Time:       Fri, 07 Jun 2024 04:15:31 +0000
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: cd962c8ef7bba34ef95bfe6b1cdb8c2b16ee1e65450f92fbf6ff35022b404171
                  cni.projectcalico.org/podIP: 192.168.241.133/32
                  cni.projectcalico.org/podIPs: 192.168.241.133/32
Status:           Running
IP:               192.168.241.133
IPs:
  IP:  192.168.241.133
Containers:
  private-nginx:
    Container ID:   containerd://8ac1b511600858b55a6d059592efcd8e30d4cf7e3ec62294c57c0cb35a151fd8
    Image:          ctrl.srv.world:5000/nginx:my-registry
    Image ID:       ctrl.srv.world:5000/nginx@sha256:b790f6375b967d44c7991183af48faa86cb321e478476a5b80791559dd2d0246
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Fri, 07 Jun 2024 04:15:34 +0000
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-xgq42 (ro)
.....
.....
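
The Secret in step [2] embeds the whole auth.json, and that file holds an entry for every registry the user has logged in to. As an added example (not part of the original page), the Python below builds the same regcred manifest from only the ctrl.srv.world:5000 entry and decodes it again to confirm what it carries; the function names and the sample credentials are constructed for illustration.

```python
import base64
import json


def build_regcred_manifest(auth_json_text, registry, name="regcred"):
    """Return a Secret manifest holding only `registry`'s entry from auth.json."""
    auths = json.loads(auth_json_text).get("auths", {})
    if registry not in auths:
        raise KeyError(f"no login for {registry} in auth.json")
    # Keep one registry only: auth.json accumulates every 'podman login'.
    trimmed = json.dumps({"auths": {registry: auths[registry]}})
    # b64encode never inserts line breaks, so the value stays on one line.
    encoded = base64.b64encode(trimmed.encode()).decode()
    return (
        "apiVersion: v1\n"
        "kind: Secret\n"
        "metadata:\n"
        f"  name: {name}\n"
        "type: kubernetes.io/dockerconfigjson\n"
        "data:\n"
        f"  .dockerconfigjson: {encoded}\n"
    )


def registries_in_manifest(manifest):
    """Decode .dockerconfigjson from a manifest and list the registries in it."""
    for line in manifest.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == ".dockerconfigjson":
            return sorted(json.loads(base64.b64decode(value))["auths"])
    raise ValueError("manifest has no .dockerconfigjson field")


# Constructed sample: the layout podman writes, with made-up credentials
# and a second, unrelated registry (registry.example.com) to be filtered out.
SAMPLE_AUTH_JSON = json.dumps({"auths": {
    "ctrl.srv.world:5000": {
        "auth": base64.b64encode(b"serverworld:example-password").decode()},
    "registry.example.com": {
        "auth": base64.b64encode(b"other:example-password").decode()},
}})

if __name__ == "__main__":
    manifest = build_regcred_manifest(SAMPLE_AUTH_JSON, "ctrl.srv.world:5000")
    print(manifest)
    print("registries in Secret:", registries_in_manifest(manifest))
```

Base64 is an encoding, not encryption, so anyone who can read the Secret can recover the registry password the same way registries_in_manifest decodes it.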