• Cloud Container Engine

cce
  1. Help Center
  2. Cloud Container Engine
  3. API Reference
  4. Appendix
  5. Using an External Private Container Image

Using an External Private Container Image

This section describes how to use an external private container image to create a containerized application through native Kubernetes APIs.

Preparations

The external private container registry address has been appended to the --insecure-registry in the DOCKER_OPTS of each node in the container cluster by running the vi /etc/default/docker command.

Procedure

  1. Log in to a Linux server.
  2. Encode the username and password of the private container registry.

    1. Run the cd ~ command to go to the directory of the current user.
    2. Create the usernamepassword.txt file.

      touch usernamepassword.txt

    3. Edit the created file.

      vi usernamepassword.txt

      Press i to enter the edit mode, and add the following information to the file:

      username:password

      username indicates the username of the private container registry; password indicates the password of the private container registry.

      Save the modification and exit.

    4. Run the following command to encode the usernamepassword.txt file:

      cat ~/usernamepassword.txt |base64 -w 0

      The following character string indicates the encoded username and password:

      "auth": ""

  3. Run the following commands to edit the config.json file:

    touch config.json

    vi config.json

    Press i to enter the edit mode, and add the following information to the file:

    {      
     "auths": {    
           "10.120.169.208:5000": {     
           "auth": ""  
         }  
      } 
    }

    10.120.169.208:5000 indicates the access address of the private container registry; "auth": "" indicates the encoded username and password obtain in 2.

    Save the modification and exit.

  4. Run the following command to generate the private key:

    cat ~/config.json |base64 -w 0

    The following private key is obtained:

    ******

  5. Obtain the X-Auth-Token.

    For details, see section Token Authentication.

  6. Obtain the cluster UUID.

    curl -k https://Endpoint/api/v1/clusters -H "Content-Type:application/json" -H "X-Auth-Token:$token"

    Replace $token with the token obtained in 5.

    For the method of using this API, see section Obtaining Information About All Clusters.

  7. Run the following command to create a secret:

    curl -v -H "Content-type: application/json"  -X POST -d ' { "apiVersion": "v1", "kind": "Secret", "metadata": { "name": "registry", "namespace": "default"}, "data": { ".dockerconfigjson": "ewogICAgImF1dGhzIjogewogICAgICAgICIxMC4xMjAuMTY5LjIwODo1MDAwIjogewogICAgICAgICAgICAiYXV0aCI6ICJkekF3TWpjNE9UUTNPbWgxWVhkbGFRPT0iCiAgICAgICAgfQp9Cn0K"}, "type": "kubernetes.io/dockerconfigjson" }' https://Endpoint/api/v1/namespaces/default/secrets -H "X-Cluster-UUID: 897d7106-5cce-416c-890f-3099e53dd0ca" -H "X-Auth-Token: $token" 

    The value of .dockerconfigjson indicates the private key obtained in 4897d7106-5cce-416c-890f-3099e53dd0ca indicates the cluster UUID obtained in 6.

    For the method of using this API, see section Creating a Secret.

    NOTE:

    Do not set the secret name to myregistry (because myregistry has already been used). Set the secret name to other values.

  8. Run the following command to create a pod:

    curl -v -H "Content-type: application/json"  -X POST -d '{ "apiVersion": "v1", "kind": "Pod", "metadata": {"name":"hello-world", "namespace":"default", "labels": {"name":"brace"}}, "spec":{ "containers": [ { "image":"10.120.169.208:5000/nginx:latest", "env": [{ "name": "cy", value": "cy" }], "imagePullPolicy": "IfNotPresent", "name":"hello-world", "volumeMounts": [{ "mountPath": "/tmp/foo", "name":"test" }]}], "imagePullSecrets": [{ "name":"registry" }], "volumes": [ { "name": "test", "emptyDir": { }}], "restartPolicy":"Always" } }' https://Endpoint/api/v1/namespaces/default/pods -H "X-Cluster-UUID: 897d7106-5cce-416c-890f-3099e53dd0ca" -H "X-Auth-Token: $token"

    registry indicates the secret name created in 7897d7106-5cce-416c-890f-3099e53dd0ca indicates the cluster UUID obtained in 6.

    For the method of using this API, see section Creating a Pod.

  9. Run the following command to query the pod status:

    curl -k -v -X GET -H "X-Cluster-UUID:897d7106-5cce-416c-890f-3099e53dd0ca" -H "X-Auth-Token: $token" https://Endpoint/api/v1/namespaces/default/pod/hello-world

    897d7106-5cce-416c-890f-3099e53dd0ca indicates the cluster UUID obtained in 6hello-world is the name of the pod created in 8.

    For method of using this API, see section Reading a Specified Pod.

    In the information returned by this API, check the pod status. If the pod is in the running state, external private container images can be used to create containerized applications.