• Cloud Container Engine

cce
  1. Help Center
  2. Cloud Container Engine
  3. User Guide
  4. Operation Guide
  5. Container Registry
  6. Uploading a Private Container Image Through Intranet

Uploading a Private Container Image Through Intranet

This section describes how to upload private container images through intranet.

Before you upload a private container image, tag the image. A tag contains the address of the private container registry to which the image will be uploaded.

NOTE:
  • Container images are uploaded using Docker commands. For details about Docker commands, see https://docs.docker.com/engine/reference/commandline/cli/.
  • At present, CCE allows you to upload only the Linux based images to the image repository. The Windows based images cannot be uploaded.

Prerequisites

Procedure

  1. Launch the local Docker client.
  2. Run the docker tag command to tag the container images that you will upload.

    Command syntax:

    docker tag images_id 100.125.1.72:6443/domain_name/image_name:version

    In this command:

    • images_id is the image ID.
    • 100.125.1.72:6443 is the container registry address that is internally accessible.
    • domain_name is the Domain Name used for uploading a container image.

      The value of domain_name parameter must be a string of lowercase letters without space. For example, if the value of Domain Name is "CCE test", then the value of domain_name must be converted to "ccetest".

      Your domain_name can be something like: OTC00000000001000010622 and can be found under the MyCredentials page in your OTC.

    • image_name is the container image name.
    • version is the version number of the container image.

    Example command:

    docker tag c9fd36df346a 100.125.1.72:6443/otc00000000001000010622/frontend:latest

  3. Run the docker push command to upload container images.

    Command syntax:

    docker push 100.125.1.72:6443/domain_name/image_name:version

    In this command:

    • 100.125.1.72:6443 is the container registry address that is internally accessible.
    • domain_name is the Domain Name used for uploading container images.

      The domain_name must be a string of lowercase letters without space. For example, if the Domain Name is "CCE test", then the domain_name must be converted to "ccetest".

    • image_name is the container image name.
    • version is the version number of the container image.

    Example command:

    docker push 100.125.1.72:6443/otc00000000001000010622/frontend:latest

    If information similar to the following is displayed, the container images are uploaded successfully:

    The push refers to a repository [100.125.1.72:6443/otc00000000001000010622/redisslave]
    ......
    latest: digest: sha256:e59050aa3ed5c08fe9907a3ca0198cc85892c77ae17d90f4c54775691432827a size: 12019
    • If container image signing is enabled and this is the first time you upload container images, the CCE console prompts you to specify passwords for root and repository keys. The root and repository keys are used for signing container images. Keep these passwords secure. The root key of Notary is saved in the ~/.docker/trust path on the docker machine used to upload container images for the first time. The folder in which the root key is saved is named by container image registry. If the root key is lost, contact the database administrator to recover it so that container image signatures can then be updated, deleted, or uploaded to your container image registry. If you want to use a docker machine other than the one you used to upload container images for the first time, copy files from the ~/.docker/trust path on the original docker machine to the ~/.docker/trust path on the new docker machine. If you want to update the root key, run the following command:

      notary -s https://your-notary-server-address:4443 -d ~/.docker/trust key rotate your-dockerhub:443/your-namespace/your-repo root.

    • To prevent a loss of keys, run the following command to back up the ~/.docker/trust directory where root and repository keys are saved:

      tar czvf docker_trust.tar.gz ~/.docker/trust

      For more information on key management, see https://docs.docker.com/engine/security/trust/trust_key_mng/.

    A list of uploaded container images is displayed on the Container Registry page.