In many scenarios, you need to use images from a private image repository to deploy applications. This topic describes how to use Alibaba Cloud Container Registry to create a private image repository and then create an application that uses this private image repository.
Create a private image repository
If you are using Alibaba Cloud Container Registry for the first time, a Tips appears asking you to set a Registry logon password. Click Activate Now and follow the on-screen instructions to set the Registry logon password.
Log on to the Container Registry console.
In the top navigation bar, select a region.
In the left-side navigation pane, click Instances.
On the Instances page, click the Personal Edition instance that you want to manage.
-
On the personal instance management page, choose .
-
On the Repositories page, in the upper-left corner, select Create Repository.
-
In the Repository wizard, set Namespaces, Repository Name, Summary, and Repository Type. In this example, select private image repository. Then click Next.
-
In the Code Source wizard, set Code Source to Local Repository, then click Create Repository.
NoteOn the image repository list, click the name of the target image repository. On the Basic Information page, go to the Guide tab to view instructions for using this private image repository.
-
Run the following command to log on to the image repository.
Note-
If you are using an Alibaba Cloud account, your Alibaba Cloud account name is your image repository logon username.
-
If you are using a Resource Access Management (RAM) user, remove the .onaliyun.com suffix from your RAM user account name to obtain your image repository logon username. For example, if your RAM user is 123@1880770869021234.onaliyun.com, your image repository logon username is 123@1880770869021234.
sudo docker login --username=<image repository logon username> registry.cn-<region where your personal instance resides>.aliyuncs.comEnter your logon password when prompted. If the output shows
login succeeded, the logon is successful. -
-
Run the following command to view the image ID.
docker images -
Run the following command to tag the image.
sudo docker tag <image ID> registry.cn-hangzhou.aliyuncs.com/<namespace name>/<image repository name>:[image version] -
Run the following command to push the image to the image repository.
sudo docker push registry.cn-hangzhou.aliyuncs.com/<namespace name>/<image repository name>:[image version]Expected output:
The push refers to a repository [registry.cn-hangzhou.aliyuncs.com/XXX/tomcat-private] 9072c7b03a1b: Pushed f9701cf47c58: Pushed 365c8156ff79: Pushed 2de08d97c2ed: Pushed 6b09c39b2b33: Pushed 4172ffa172a6: Pushed 1dccf0da88f3: Pushed d2070b14033b: Pushed 63dcf81c7ca7: Pushed ce6466f43b11: Pushed 719d45669b35: Pushed 3b10514a95be: Pushed V1: digest: sha256:cded14cf64697961078aedfdf870e704a52270188c8194b6f70c778a8289**** size: 2836On the image repository details page, in the navigation pane on the left, click Tags. You can see that the image has been uploaded successfully and view its version information.
Create a secret of type private image repository logon credential
To pull images from a private repository, you must use a secret of type Private Repository Logon Secret.
Log on to the Container Service Management Console.
In the left navigation pane, click Cluster.
On the Cluster List page, click the name of the destination cluster or click Details in the Actions column.
In the left navigation pane of the cluster management page, choose .
-
On the Secrets page, in the upper-right corner, click Create.
-
On the Create page, configure the parameters, then click Confirm.
Parameter
Description
Name
Secret name.
Type
Secret type:
-
Opaque: A general-purpose secret type. Enter a key and a value. The value must be Base64-encoded.
-
Private image repository logon credential: Stores authentication information required to pull images from a private repository. Enter the image repository address, username, and password.
NoteThe username and password are your full Alibaba Cloud account name and the password you set when activating the service. You can change the password on the Access Credentials page.
-
TLS certificate: TLS is a mechanism used for identity verification.
-
Cert: Enter the TLS certificate information.
-
Key: Enter the TLS private key information.
-
You are redirected back to the Secrets page. You can see the newly created secret in the list.
-
You can also create a secret of type Private Repository Logon Secret using the command line. For more information, see Obtain the cluster KubeConfig and connect to the cluster using kubectl.
Create an application using a private image repository
Log on to the Container Service Management Console.
In the left navigation pane, click Cluster.
On the Cluster List page, click the name of the destination cluster or click Details in the Actions column.
In the left navigation pane of the cluster management page, choose .
-
On the Deployments page, in the upper-right corner, click Create from YAML.
NoteYou can also click Create from Image to create an application. For more information, see Create an application using an image secret.
-
Set Sample Template to Custom, and copy the following YAML content into the Template field.
apiVersion: apps/v1 kind: Deployment metadata: name: private-image namespace: default labels: app: private-image spec: replicas: 1 selector: matchLabels: app: private-image template: metadata: labels: app: private-image spec: containers: - name: private-image image: registry.cn-hangzhou.aliyuncs.com/namespace-name/tomcat-private:latest ports: - containerPort: 8080 imagePullSecrets: - name: regsecret -
Click Create.
Return to the Deployments list and view the application created using the private image repository.
For more information, see the Kubernetes official documentation Using a private registry.