How do Kubernetes clusters support private images

Introduction: This article describes how to use private images to orchestrate containers in a Kubernetes cluster.


Operation method

Kubernetes clusters support the use of private images to orchestrate containers. First, you need to create a secret (key) that is used when orchestrating containers; you can then also implement keyless orchestration.

1, Orchestrate containers using a key

1. Use kubectl to connect to the Master node of the Kubernetes cluster. For details, see Connect Kubernetes cluster through kubectl.
2. Execute the following command to create the secret used to pull the private image.

kubectl create secret docker-registry [$Reg_Secret] --docker-server=[$Registry] --docker-username=[$Username] --docker-password=[$Password] --docker-email=[$Email]

Note:

  • [$Reg_Secret] is the name of the secret, which you can choose yourself.
  • [$Registry] is the address of the Docker registry.
  • [$Username] is the user name for logging in to the Docker registry.
  • [$Password] is the password for logging in to the Docker registry.
  • [$Email] is the email address, which is optional.

3. Add the secret-related configuration items to the orchestration YAML file. When finished, the YAML file is similar to the following.

containers:
    - name: foo
      image: [$Registry]/abc/test:1.0
imagePullSecrets:
    - name: [$Reg_Secret]

Note:

  • imagePullSecrets declares the secret to use when pulling the image.
  • For details, see Using a private registry in the official documentation.
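
The following Python example is added here and is not from the original article or the Kubernetes project. It builds a Secret equivalent to the one the command in step 2 creates and decodes it again, showing that the registry password is only base64-encoded. The function names are hypothetical, and regsecret, registry.example.com and ci-puller are constructed sample values.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"

def build_pull_secret(name, registry, username, password, email=None):
    """Build a Secret equivalent to `kubectl create secret docker-registry`."""
    entry = {
        "username": username,
        "password": password,
        # "auth" is base64("username:password"): an encoding, not encryption.
        "auth": base64.b64encode(f"{username}:{password}".encode()).decode(),
    }
    if email:  # --docker-email is optional
        entry["email"] = email
    config = json.dumps({"auths": {registry: entry}})
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": SECRET_TYPE,
        "data": {".dockerconfigjson": base64.b64encode(config.encode()).decode()},
    }

def recover_credentials(secret):
    """Decode a pull secret into {registry: (username, password)}.

    Anyone allowed to read Secrets in the namespace can do the same.
    """
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a kubernetes.io/dockerconfigjson secret")
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    found = {}
    for registry, entry in config.get("auths", {}).items():
        if "auth" in entry:
            # Split on the first ":" only; the password may contain colons.
            user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
        else:
            user, pw = entry.get("username"), entry.get("password")
        found[registry] = (user, pw)
    return found

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    s = build_pull_secret("regsecret", "registry.example.com", "ci-puller", "s3cr3t:pw")
    print(json.dumps(s, indent=2))
    print(recover_credentials(s))
```

Because the secret data is only encoded, restrict read access to Secrets in the namespace with RBAC, and give the account behind [$Username] pull-only rights on the registry.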

2, Implement keyless orchestration

To avoid referencing the key every time you deploy a private image, you can add the secret to the default service account in the namespace. See Add ImagePullSecrets to a service account.
In this example, the default service account of the namespace (named default) is modified manually so that this secret is used as its imagePullSecret.
1. Execute the following command to view the previously created secret.

kubectl get secret [$Reg_Secret]

The output is similar to the following:

NAME          TYPE                             DATA      AGE
[$Reg_Secret] kubernetes.io/dockerconfigjson   1         13m

2. Execute the following commands in sequence to export the configuration of the service account default to the sa.yaml file and view it.

kubectl get serviceaccounts default -o yaml > ./sa.yaml
cat sa.yaml

The output is similar to the following:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-08-07T22:02:39Z
  name: default
  namespace: default
  resourceVersion: "243024"             ## Pay attention to this item
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge

3. Edit the sa.yaml file: delete the original resourceVersion configuration item and add the imagePullSecrets configuration item, which names the secret used to pull the image (regsecret in this example). The modified configuration is as follows:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-08-07T22:02:39Z
  name: default
  namespace: default
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
imagePullSecrets:                 ##Add this item
- name: regsecret

4. Execute the following command to update the default service account with the sa.yaml configuration file.

kubectl replace serviceaccount default -f ./sa.yaml

The output is similar to the following:

serviceaccount "default" replaced

5. This article uses the orchestration of tomcat as an example. Execute the kubectl create -f command to create a Pod. The configuration file is shown below.

apiVersion: apps/v1beta2 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: tomcat-deployment
  labels:
    app: tomcat
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
      - name: tomcat
        image: [$Registry]/abc/test:1.0
        ports:
        - containerPort: 8080

6. If the configuration is correct, the Pod will start successfully. Execute the following command to view the configuration items.

kubectl get pod tomcat-XXX -o yaml

Output similar to the following confirms that the keyless orchestration is successful.

spec:
  imagePullSecrets:
  - name: regsecret

This article is reposted from: How to support private images in Kubernetes Cluster - Alibaba cloud developer community

Keywords: Docker Kubernetes Container

Added by jrbush82 on Mon, 21 Feb 2022 16:12:13 +0200