A Docker image is a read-only template that can be used to deploy container services, each with a specific unique identifier (i.e. Image name:Tag). For example, an image can contain a full Ubuntu operating system environment with only Apache or other applications that users need. The image registry is used to store and distribute Docker images.
Sign in with project-regular, enter into one project (e.g. demo-namespace), then select Configuration Center → Secrets.
Click Create Secret button, then fill in the basic information in the pop-up window.
dockerhub-qingcloud
.Click Next when you're done.
Image Repository Secret
as the type, then fill in the account authentication information of the image registry.dockerhub.qingcloud.com
as an example.
If you need to add Dokcer Hub as the image registry, first make sure you have already registered your account in Docker Hub. Then reference the same steps as above, fill in docker.io
as the image registry address, and enter your personal DockerHub username and password.
Intro
Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management.
KubeSphere Installer has integrated Harbor's Helm Chart, which is an optional installation item, so it requires to enable the installation in advance, users can configure the installation according to the needs of the teams. Before start installation, you just need to configure in conf/vars.yml
, see Integrating Harbor registry.
According to the address type of the Harbor, you need to divide into http and https:
http://139.198.16.232
, then you need to add a field as --insecure-registry=139.198.16.232
into /etc/systemd/system/docker.service.d/docker-options.conf
.Sample
[Service]
Environment="DOCKER_OPTS=--registry-mirror=https://registry.docker-cn.com --insecure-registry=10.233.0.0/18 --graph=/var/lib/docker --log-opt max-size=50m --log-opt max-file=5 \
--insecure-registry=139.198.16.232"
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
ca.crt
. Take the URL https://harbor.openpitrix.io
as an example, you need to execute following command to all the nodes in the cluster:$ sudo cp ca.crt /etc/docker/certs.d/harbor.openpitrix.io/ca.crt
UBUNTU
$ sudo cp ca.crt /usr/local/share/ca-certificates/harbor.openpitrix.io.ca.crt
$ sudo update-ca-certificates
RED HAT ENTERPRISE LINUX
$ sudo cp ca.crt /etc/pki/ca-trust/source/anchors/harbor.openpitrix.io.ca.crt
$ sudo update-ca-trust
$ sudo systemctl systemctl daemon-reload
$ sudo systemctl restart docker
Take the creation of a deployment as an example to demonstrate how to use the image registry and pull images from the registry. For example, there is a image mysql:5.6
in QingCloud image registry. When creating a Deployment, enter dockerhub.qingcloud.com/mysql:5.6
in the Pod template, the format is image registry address:tag
, this image could be pulled from the pointed registry after the workload has been created.