Kubernetes : Configure Private Registry
2023/07/28
Configure a Private Registry so that container images are pulled from your own Private Registry. This example is based on the following environment.

-----------+---------------------------+--------------------------+------------
           |                           |                          |
       eth0|10.0.0.25              eth0|10.0.0.71             eth0|10.0.0.72
+----------+-----------+   +-----------+-----------+   +-----------+-----------+
|  [ ctrl.srv.world ]  |   |  [snode01.srv.world]  |   |  [snode02.srv.world]  |
|     Control Plane    |   |      Worker Node      |   |      Worker Node      |
+----------------------+   +-----------------------+   +-----------------------+
[1] On the Node where you'd like to run the Private Registry Pod, configure the Registry with basic authentication and an HTTPS connection (with a valid certificate), refer to here. In this example, the Registry Pod is running on the Control Plane Node.

[2] Add a Secret in Kubernetes.
root@ctrl:~# podman ps
CONTAINER ID  IMAGE                         COMMAND               CREATED         STATUS             PORTS                   NAMES
551b0044ab60  docker.io/library/registry:2  /etc/docker/regis...  15 seconds ago  Up 15 seconds ago  0.0.0.0:5000->5000/tcp  trusting_yalow

# log in to the Registry once with a user
root@ctrl:~# podman login ctrl.srv.world:5000
Username: debian
Password:
Login Succeeded!

# the following file is then generated
root@ctrl:~# ll /run/user/0/containers/auth.json
-rw------- 1 root root 83 Jul 28 00:30 /run/user/0/containers/auth.json

# BASE64 encode the file
root@ctrl:~# cat /run/user/0/containers/auth.json | base64
ewoJImF1dGhzIjogewoJCSJjdHJsLnNy.....

root@ctrl:~# vi regcred.yml
# create new
# specify the BASE64 encoded contents above on one line in the [.dockerconfigjson] section
apiVersion: v1
kind: Secret
data:
  .dockerconfigjson: ewoJImF1dGhzIjogewoJCSJjdHJsLnNy.....
metadata:
  name: regcred
type: kubernetes.io/dockerconfigjson

root@ctrl:~# kubectl create -f regcred.yml
secret "regcred" created

root@ctrl:~# kubectl get secrets
NAME      TYPE                             DATA   AGE
regcred   kubernetes.io/dockerconfigjson   1      4s
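An added example, not part of the original page: step [2] encodes the whole auth.json, which also carries the login for any other registry that root has used with podman. This Python sketch builds the same Secret with only the ctrl.srv.world:5000 entry and with the base64 value on a single line; the function names, the sample passwords and other.example.com are constructed for illustration.

```python
import base64
import json

REGISTRY = "ctrl.srv.world:5000"  # registry host:port used on this page


def _b64(text):
    # base64.b64encode never inserts line breaks, so the value stays on one line
    return base64.b64encode(text.encode()).decode()


# Constructed stand-in for /run/user/0/containers/auth.json after two logins.
# Passwords and other.example.com are made up for this example.
SAMPLE_AUTH_JSON = json.dumps({"auths": {
    REGISTRY: {"auth": _b64("debian:constructed-password")},
    "other.example.com": {"auth": _b64("someone:constructed-password")},
}})


def build_regcred(auth_json_text, registry, name="regcred"):
    """Return a dockerconfigjson Secret manifest (JSON text) for one registry."""
    auths = json.loads(auth_json_text).get("auths", {})
    if registry not in auths or "auth" not in auths[registry]:
        raise KeyError(f"no stored login for {registry}")
    token = auths[registry]["auth"]
    # The token must decode to "user:password"; reject anything else early.
    user, sep, _ = base64.b64decode(token, validate=True).decode().partition(":")
    if not (user and sep):
        raise ValueError(f"malformed auth entry for {registry}")
    # Keep only the requested registry so unrelated logins never reach the cluster.
    minimal = json.dumps({"auths": {registry: {"auth": token}}})
    manifest = {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": _b64(minimal)},
    }
    return json.dumps(manifest, indent=2)


if __name__ == "__main__":
    # JSON is accepted by "kubectl create -f", same as the YAML file above.
    print(build_regcred(SAMPLE_AUTH_JSON, REGISTRY))
```

The values under data in a Secret are base64 encoded, not encrypted, so the generated file should be handled like the password itself.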
[3] To pull images from your own Private Registry, specify the private image and the Secret when deploying pods as follows.
root@ctrl:~# podman images
REPOSITORY                  TAG          IMAGE ID      CREATED      SIZE
docker.io/library/nginx     latest       89da1fb6dcb9  3 hours ago  191 MB
ctrl.srv.world:5000/nginx   my-registry  89da1fb6dcb9  3 hours ago  191 MB
docker.io/library/registry  2            4bb5ea59f8e0  6 weeks ago  24.6 MB

root@ctrl:~# vi private-nginx.yml
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    # image on Private Registry
    image: ctrl.srv.world:5000/nginx:my-registry
  imagePullSecrets:
  # Secret name you added
  - name: regcred

root@ctrl:~# kubectl create -f private-nginx.yml
pod "private-nginx" created

root@ctrl:~# kubectl get pods
NAME            READY   STATUS    RESTARTS   AGE
private-nginx   1/1     Running   0          8s

root@ctrl:~# kubectl describe pods private-nginx
Name:             private-nginx
Namespace:        default
Priority:         0
Service Account:  default
Node:             snode02.srv.world/10.0.0.72
Start Time:       Fri, 28 Jul 2023 00:37:05 -0500
Labels:           <none>
Annotations:      cni.projectcalico.org/containerID: 66ed5e1eda39db0df3c2b7ece965fb2a6021ab8321eb25ca4f6f06d1783acf27
                  cni.projectcalico.org/podIP: 192.168.211.133/32
                  cni.projectcalico.org/podIPs: 192.168.211.133/32
Status:           Running
IP:               192.168.211.133
IPs:
  IP:  192.168.211.133
Containers:
  private-nginx:
    Container ID:   containerd://b7358c3d60d6ed43a3fcca35248fbe04b70521973d23c1f573fbf94d16166a7c
    Image:          ctrl.srv.world:5000/nginx:my-registry
    Image ID:       ctrl.srv.world:5000/nginx@sha256:a126fb9d849c27d0dffa6d6a3b2b407d1184042f8291b8369579d8cd2b325db0
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Fri, 28 Jul 2023 00:37:06 -0500
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-cf6pg (ro)
.....
.....