Push and pull an image from your private registry

Now you can push your container image to your private registry. Because we have set up an HTTP basic authentication, you need to do docker login first. Otherwise you get a no basic auth credentials error:

//just tag nginx to your own private image
$ docker tag nginx 10.138.0.3:30500/my-nginx

//will be failed when push without login information. using complete image name with private registry as prefix
$ docker push 10.138.0.3:30500/my-nginx
The push refers to a repository [10.138.0.3:30500/my-nginx]
a103d141fc98: Preparing 
73e2bd445514: Preparing 
2ec5c0a4cb57: Preparing 
no basic auth credentials

Therefore, you need docker login to specify the username and password, which you set onto the registry_passwd file:

//docker login
$ docker login 10.138.0.3:30500
Username: user01
Password: 
Login Succeeded

//successfully to push
$ docker push 10.138.0.3:30500/my-nginx
The push refers to a repository [10.138.0.3:30500/my-nginx]
a103d141fc98: Pushed 
73e2bd445514: Pushed 
2ec5c0a4cb57: Pushed 
latest: digest: sha256:926b086e1234b6ae9a11589c4cece66b267890d24d1da388c96dd8795b2ffcfb size: 948

On the other hand, as for pulling an image from a private registry, Kubernetes nodes also needs to have a credential for your private registry. But using the docker login command on every node is not realistic. Instead, Kubernetes supports storing this credential as a Kubernetes secret and each node will use this credential while pulling an image.

To do that, we need to create a docker-registry resource that needs to specify:

  • --docker-server: In this example, 10.138.0.3:30500
  • --docker-username: In this example, user01
  • --docker-password: In this example, my-super-secure-password
  • --docker-email: Your email address
//create secret named "my-private-credential"
$ kubectl create secret docker-registry my-private-credential 
> --docker-server=10.138.0.3:30500 
> --docker-username=user01 
> --docker-password=my-super-secure-password 
> [email protected]
secret "my-private-credential" created

//successfully to created
$ kubectl get secret my-private-credential
NAME TYPE DATA AGE
my-private-credential kubernetes.io/dockerconfigjson 1 18s

 Finally, you can pull your private image from the private registry that is specifying the my-private-credential secret. To do that, set spec.imagePullSecrets as follows:

$ cat private-nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: private-nginx
spec:
  containers:
  - name: private-nginx
    image: 10.138.0.3:30500/my-nginx
  imagePullSecrets:
  - name: my-private-credential

$ kubectl create -f private-nginx.yaml 
pod "private-nginx" created

//successfully to launch your Pod using private image
$ kubectl get pods private-nginx
NAME            READY     STATUS    RESTARTS   AGE
private-nginx   1/1       Running   0          10s

Congratulations! Now you can feel free to push your private images to your private registry run by Kubernetes. Also, pull an image from Kubernetes too. At any time, you can scale out based on client traffic.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
13.59.108.176