Image Registries

    This tutorial demonstrates how to create Secrets for different image registries.

    You need to create a workspace, a project and a user (). The user must be invited to the project with the role of operator. For more information, see Create Workspaces, Projects, Users and Roles.

    When you create workloads, , Jobs, or , you can select images from your private registry in addition to the public registry. To use images from your private registry, you must create a Secret for it so that the registry can be integrated to KubeSphere.

    Log in to the web console of KubeSphere as project-regular. Go to Configuration of a project, select Secrets and click Create.

    Specify a name for the Secret (for example, ) and click Next to continue.

    Tip

    You can see the Secret’s manifest file in YAML format by enabling Edit YAML in the upper-right corner. KubeSphere allows you to edit the manifest file directly to create a Secret. Alternatively, you can follow the steps below to create a Secret via the dashboard.

    • Registry Address. The address of the image registry that stores images for you to use when creating application workloads.
    • Username. The account name you use to log in to the registry.
    • Password. The password you use to log in to the registry.
    • Email (optional). Your email address.

    Add the Docker Hub registry

    1. Before you add your image registry in , make sure you have an available Docker Hub account. On the Secret Settings page, enter docker.io for Registry Address and enter your Docker ID and password for User Name and Password. Click Validate to check whether the address is available.

    Add the Harbor image registry

    is an open-source trusted cloud-native registry project that stores, signs, and scans content. Harbor extends the open-source Docker Distribution by adding the functionalities usually required by users such as security, identity and management. Harbor uses HTTP and HTTPS to serve registry requests.

    HTTP

    1. You need to modify the Docker configuration for all nodes within the cluster. For example, if there is an external Harbor registry and its IP address is http://192.168.0.99, then you need to add the field to /etc/systemd/system/docker.service.d/docker-options.conf:

      Note

      • Replace the image registry address with your own registry address.

      • is required by the Docker daemon for the communication with an insecure registry. Refer to Docker documentation for its syntax.

    2. After that, reload the configuration file and restart Docker:

    3. Go back to the Data Settings page and select Image registry information for Type. Enter your Harbor IP address for Registry Address and enter the username and password.

      Note

      If you want to use the domain name instead of the IP address with Harbor, you may need to configure the CoreDNS and nodelocaldns within the cluster.

    HTTPS

    When you set images, you can select the private image registry if the Secret of it is created in advance. For example, click the arrow on the Add Container page to expand the registry list when you create a . After you choose the image registry, enter the image name and tag to use the image.