CCE allows you to pull images from a third-party image repository to create applications.
Generally, you are required to pass authentication using your account and password before accessing a third-party image repository. The secret authentication mode is used for pulling images from a CCE container. Therefore, you must create a secret for accessing the image repository before pulling images.
When you create an application using a third-party image, ensure that the node where the application is running can access public networks.
Creating an Application on the GUI
- Create a secret for accessing a third-party image repository.
In the navigation pane, choose Configuration Center > Secrets. Click Create Secret, and set Type to kubernetes.io/dockerconfigjson. For more information, see Creating a Secret. In Secret Data, set Username and Password to those used to log in to the third-party image repository.
- Create an application. For more information, see Creating a Stateless Application or Creating a Stateful Application. If you use a third-party image to create an application, set the parameters as follows:
- Set Authenticate Secret to Yes.
- Select the secret created in 1.
- Enter the image address.
- Click OK.
Creating an Application using kubectl
- Configure kubectl. For details, see Connecting to a Kubernetes Cluster Using kubectl.
- Log in to the ECS server where kubectl is configured.
- Create a secret of the dockerconfigjson type using kubectl.
kubectl create secret docker-registry myregistrykey --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER --docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL
In the preceding commands,
indicates the secret name, and other parameters are described as follows:
- DOCKER_REGISTRY_SERVER: address of a third-party image repository, for example, www.3rdregistry.com or 10.10.10.10:443
- DOCKER_USER: account used for logging in to a third-party image repository
- DOCKER_PASSWORD: password used for logging in to a third-party image repository
- DOCKER_EMAIL: email of a third-party image repository
- Use a third-party image to create an application.
The secret of the dockerconfigjson type is used for authentication when you obtain a private image. The following is an example of using the myregistrykey for authentication.
- name: foo
- name: myregistrykey #Use the secret created in step 3.