Image Registries

    This tutorial demonstrates how to create Secrets for different image registries.

    You need to create a workspace, a project and an account (). The account must be invited to the project with the role of operator. For more information, see Create Workspaces, Projects, Accounts and Roles.

    When you create workloads, , Jobs, or , you can select images from your private registry in addition to the public registry. To use images from your private registry, you must create a Secret for it so that the registry can be integrated to KubeSphere.

    Log in to the web console of KubeSphere as project-regular. Go to Configurations of a project, choose Secrets and click Create.

    Specify a name for the Secret (e.g. ) and click Next to continue.

    Tip

    You can see the Secret’s manifest file in YAML format by enabling Edit Mode in the top right corner. KubeSphere allows you to edit the manifest file directly to create a Secret. Alternatively, you can follow the steps below to create a Secret via the dashboard.

    create-secret

    • Registry Address. The address of the image registry that stores images for you to use when creating application workloads.
    • User Name. The account name you use to log in to the registry.
    • Password. The password you use to log in to the registry.
    • Email (Optional). Your email address.

    Add the Docker Hub registry

    1. Before you add your image registry in , make sure you have an available Docker Hub account. On the Secret Settings page, input docker.io for Registry Address and enter your Docker ID and password for User Name and Password. Click Validate to check whether the address is available.

      validate-registry-address

    Add the Harbor image registry

    is an open-source trusted cloud-native registry project that stores, signs, and scans content. Harbor extends the open-source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Harbor uses http and https to serve registry requests.

    Http

    1. You need to modify the Docker configuration for all nodes within the cluster. For example, if there is an external Harbor registry and its IP address is http://192.168.0.99, then you need to add the field to /etc/systemd/system/docker.service.d/docker-options.conf:

      Note

      • Replace the image registry address with your own registry address.

      • is required by the Docker daemon for the communication with an insecure registry. Refer to docker docs for its syntax.

    2. After that, reload the configuration file and restart Docker:

    3. Go back to the Secret Settings page and select Image Registry Secret for Type. Input your Harbor IP address for Registry Address and enter the username and password.

      Note

      If you want to use the domain name instead of the IP address with Harbor, you may need to configure the CoreDNS and nodelocaldns within the cluster.

    Https

    For the integration of the https-based Harbor registry, refer to . Make sure you use docker login to connect to your Harbor registry.

    use-image-registry