In this tutorial, we are going to guide you in using images from OVHcloud Managed Private Registry service on OVHcloud Managed Kubernetes clusters.
Before you begin
This tutorial assumes that you already have a working OVHcloud Managed Kubernetes cluster and some basic knowledge of how to operate it. If you want to know more about those topics, please look at the deploying a Hello World application documentation.
You also need to have a working OVHcloud Managed Private Registry and have followed the guides on creating a private registry, connecting to the UI, managing users and projects, and creating and using private images.
We will specifically suppose you have followed the last one and you have a hello-ovh
image on your private registry.
Create Kubernetes Secret
Kubernetes needs to have access to the private registry to pull images from it, so you need to store the private registry credentials in a Kubernetes Secret. There are two ways to create the registry credentials secret. Choose the solution you prefer.
1. Create a Secret based on existing Docker credentials
Log in to your OVHcloud Managed Private Registry
To pull a private image from your private registry, you must authenticate with it using docker login
.
docker login [YOUR_PRIVATE_REGISTRY_URL]
For my private registry:
$ docker login 8093ff7x.c1.va1.container-registry.ovh.us Username: private-user Password: Login Succeeded
The login process creates or updates a config.json
file that holds an authorization token.
View the config.json
file:
cat ~/.docker/config.json
Creating the Secret
Let's create a Secret of docker-registry
type.
You will use this Secret to authenticate with your private registry to pull a private image.
If you already ran docker login
, you can copy that credential into Kubernetes:
kubectl create secret generic regcred \ --from-file=.dockerconfigjson=<path/to/.docker/config.json> \ --type=kubernetes.io/dockerconfigjson
For my private registry:
$ kubectl create secret generic regcred \ --from-file=.dockerconfigjson=/Users/avache/.docker/config.json \ --type=kubernetes.io/dockerconfigjson secret/regcred created
You can check the secret has been correctly deployed in your Kubernetes cluster:
$ kubectl get secret regcred -o jsonpath="{.data.\.dockerconfigjson}" ewogICAgICAgICJhdXRocyI6IHsKCQkiaHR0cHM6Ly9pbmRleC5kb2NrZXIuaW8vdjEvIjogewogICAgICAgICAgICAgICAgICAgICAgICAiYXV0aCI6ICJjMk55WVd4NU9qaDBhM00wWm01aiIKICAgICAgICAgICAgICAgIH0sCiAgICAgICAgICAgICAgICAiY3g2ZHMzMGQuZ3JhNy5jb250YWluZXItcmVnaXN0cnkub3ZoLm5ldCI6IHsKICAgICAgICAgICAgICAgICAgICAgICAgImF1dGgiOiAiY0hKcGRtRjBaUzExYzJWeU9sQnlhWFpoZEdWVmMyVnlNUT09IgogICAgICAgICAgICAgICAgfQogICAgICAgIH0KfQo=
2. Create a Secret by providing credentials on the command line
Let's create a Secret of docker-registry
type.
You will use this Secret to authenticate with your private registry to pull a private image:
kubectl create secret docker-registry regcred \ --docker-server=<your-registry-server> \ --docker-username=<your-username> \ --docker-password=<your-password>
For my private registry:
$ kubectl create secret docker-registry regcred \ --docker-server=cx6ds30d.c1.va1.container-registry.ovh.us \ --docker-username=private-user \ --docker-password=PrivateUser1 secret/regcred created
You can check the secret has been correctly deployed in your Kubernetes cluster:
$ kubectl get secret regcred -o jsonpath="{.data.\.dockerconfigjson}" eyJhdXRocyI6eyJjeDZkczMwZC5ncmE3LmNvbnRhaW5lci1yZWdpc3RyeS5vdmgubmV0Ijp7InVzZXJuYW1lIjoicHJpdmF0ZS11c2VyIiwicGFzc3dvcmQiOiJQcml2YXRlVXNlcjEiLCJhdXRoIjoiY0hKcGRtRjBaUzExYzJWeU9sQnlhWFpoZEdWVmMyVnlNUT09In19fQ==
Deploying an image
The first step to deploying a Docker image in a Kubernetes cluster is to write a YAML manifest. Let's call it hello-ovh.yaml
:
apiVersion: v1 kind: Service metadata: name: hello-ovh labels: app: hello-ovh spec: type: LoadBalancer ports: - port: 80 targetPort: 80 protocol: TCP name: http selector: app: hello-ovh --- apiVersion: apps/v1 kind: Deployment metadata: name: hello-ovh-deployment labels: app: hello-ovh spec: replicas: 1 selector: matchLabels: app: hello-ovh template: metadata: labels: app: hello-ovh spec: containers: - name: hello-ovh image: [YOUR_PRIVATE_REGISTRY_URL]/[YOUR_PROJECT]/hello-ovh:1.0.0 ports: - containerPort: 80 imagePullSecrets: - name: regcred
[YOUR_PRIVATE_REGISTRY_URL]
and [YOUR_PROJECT]
with your private registry URL and your project name, for example for my private registry it will be: cx6ds30d.va1.container-registry.ovh.us/private/hello-ovh:1.0.0
And then we can apply the file:
kubectl apply -f hello-ovh.yaml
After applying the YAML file, a new hello-world
service and the corresponding hello-world-deployment
deployment are created:
$ kubectl apply -f hello-ovh.yaml service/hello-ovh created deployment.apps/hello-ovh-deployment created $ kubectl get po -l app=hello-ovh NAME READY STATUS RESTARTS AGE hello-ovh-deployment-6df76cb7b8-vbk2b 1/1 Running 0 66s
Our Pod is correctly running, so Kubernetes has pulled the image from your private registry with success.
Go further
For more information and tutorials, please see our other Managed Private Registry support guides or explore the guides for other OVHcloud products and services.