How do Kubernetes clusters support private images

Keywords: Docker Kubernetes Container

Introduction: This article describes how to orchestrate containers from private images in a Kubernetes cluster.



Procedure

Kubernetes clusters support orchestrating containers from private images. First, create a secret that is used to pull the image when orchestrating containers; after that, you can also implement keyless orchestration.

1, Orchestrate containers using a secret

1. Use kubectl to connect to the master node of the Kubernetes cluster. For details, see Connecting Kubernetes clusters through kubectl.
2. Execute the following command to create the secret used to pull the private image.

kubectl create secret docker-registry [$Reg_Secret] --docker-server=[$Registry] --docker-username=[$Username] --docker-password=[$Password] --docker-email=[$Email]

Note:

  • [$Reg_Secret] is the name of the secret, which you can choose yourself.
  • [$Registry] is the address of the Docker registry.
  • [$Username] is the user name for logging in to the Docker registry.
  • [$Password] is the password for logging in to the Docker registry.
  • [$Email] is the email address. This configuration item is optional.

3. Add the secret-related configuration items to the orchestration YAML file. The finished YAML file is similar to the following.

containers:
    - name: foo
      image: [$Registry]/abc/test:1.0
imagePullSecrets:
    - name: [$Reg_Secret]

Note:

  • imagePullSecrets specifies the secret to use when pulling the image.
  • For details, see the official documentation on using a private registry.
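
What the secret created in step 2 actually stores, as an added example that is not part of the original article: it builds the same kubernetes.io/dockerconfigjson manifest that kubectl create secret docker-registry produces and then decodes it again, showing that the registry password is only base64-encoded and readable by anyone allowed to get secrets in the namespace. The function names and the sample registry and credentials are constructed for illustration.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"


def build_pull_secret(name, registry, username, password, email=None, namespace="default"):
    """Manifest equivalent to `kubectl create secret docker-registry` (hypothetical helper)."""
    entry = {
        "username": username,
        "password": password,
        # "auth" is base64("username:password"), as in Docker's config.json
        "auth": base64.b64encode(f"{username}:{password}".encode()).decode(),
    }
    if email:  # optional, as the article notes
        entry["email"] = email
    docker_config = json.dumps({"auths": {registry: entry}})
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": SECRET_TYPE,
        # Secret data is base64-encoded, not encrypted
        "data": {".dockerconfigjson": base64.b64encode(docker_config.encode()).decode()},
    }


def recover_credentials(secret):
    """Decode a pull secret back to {registry: (username, password)} (hypothetical helper)."""
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a docker-registry pull secret")
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    creds = {}
    for registry, entry in json.loads(raw)["auths"].items():
        if "username" in entry and "password" in entry:
            creds[registry] = (entry["username"], entry["password"])
        else:  # some configs carry only the combined "auth" field
            user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
            creds[registry] = (user, pw)
    return creds


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    secret = build_pull_secret("regsecret", "registry.example.com", "ci-bot", "s3cr3t:pw")
    print(json.dumps(secret, indent=2))  # kubectl also accepts JSON manifests
    print(recover_credentials(secret))
```

Because the credentials are recoverable this way, give the registry account used in the secret pull-only rights and restrict RBAC read access to secrets in the namespace.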

2, Implement keyless orchestration

To avoid referencing the secret every time you deploy a private image, you can add the secret to the default service account in the namespace. See Add ImagePullSecrets to a service account.
In this example, the namespace's default service account, default, is modified manually so that it uses this secret as its imagePullSecret.

1. Execute the following command to view the previously created secret.

kubectl get secret [$Reg_Secret]

The system displays output similar to the following:

NAME          TYPE                             DATA      AGE
[$Reg_Secret] kubernetes.io/dockerconfigjson   1         13m

2. Execute the following commands successively to export the configuration of the service account default to the sa.yaml file and view the file.

kubectl get serviceaccounts default -o yaml > ./sa.yaml
cat sa.yaml

The system displays output similar to the following:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-08-07T22:02:39Z
  name: default
  namespace: default
  resourceVersion: "243024"             ##Pay attention to this item
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge

3. Edit the sa.yaml file: delete the original resourceVersion configuration item and add the imagePullSecrets configuration item, which names the secret used for pulling images. The modified configuration is as follows:

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2015-08-07T22:02:39Z
  name: default
  namespace: default
  selfLink: /api/v1/namespaces/default/serviceaccounts/default
  uid: 052fb0f4-3d50-11e5-b066-42010af0d7b6
secrets:
- name: default-token-uudge
imagePullSecrets:                 ##Add this item
- name: regsecret

4. Execute the following command to update the default service account with the sa.yaml configuration file.

kubectl replace serviceaccount default -f ./sa.yaml

The system displays output similar to the following:

serviceaccount "default" replaced

5. This article uses the orchestration of tomcat as an example. Execute the kubectl create -f command to create a Pod. The configuration file is shown below.

apiVersion: apps/v1beta2 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: tomcat-deployment
  labels:
    app: tomcat
spec:
  replicas: 1
  selector:
    matchLabels:
      app: tomcat
  template:
    metadata:
      labels:
        app: tomcat
    spec:
      containers:
      - name: tomcat
        image: [$Registry]/abc/test:1.0
        ports:
        - containerPort: 8080

6. If the configuration is correct, the Pod will start successfully. Execute the following command to view the configuration items.

kubectl get pod tomcat-XXX -o yaml

The system displays output similar to the following, which confirms that keyless orchestration is working.

spec:
  imagePullSecrets:
  - name: regsecret

  This article is transferred from: How to support private images in Kubernetes Cluster - alicloud developer community

 

Posted by Some Poster55 on Sun, 05 Dec 2021 21:41:48 -0800