
Container Service for Kubernetes: Pull images from a Container Registry Enterprise Edition instance without a password

Last Updated: Sep 14, 2022

This topic describes how to pull images from a Container Registry Enterprise Edition instance without a password. Pulling images without a password accelerates image pulling.

Prerequisites

Make sure that the following operations are completed:

Background information

Container Registry provides Container Registry Personal Edition instances and Container Registry Enterprise Edition instances. Container Registry Enterprise Edition is an enterprise-grade platform used to manage the lifecycle of cloud-native application artifacts. These artifacts include container images, Helm charts, and Open Container Initiative (OCI) artifacts. Container Registry Enterprise Edition seamlessly integrates with Container Service for Kubernetes (ACK) and helps simplify application delivery for enterprises in large-scale business deployment scenarios. For more information, see What is Container Registry?

You can pull images from a Container Registry instance by using one of the following methods:

  • For images in a Container Registry Personal Edition instance that belongs to the same account as the elastic container instance, you can pull the images without using a password.

  • For Docker images, you cannot pull the image without a password. When you call an API operation to create an elastic container instance, you can use the ImageRegistryCredential parameter to specify a password.

Pull images from a Container Registry Enterprise Edition instance without a password

In the Container Registry console, find the instance that you want to manage and configure network access control based on the following information:

  • Over the Internet

    After you enable Internet access, you can access images in the Container Registry Enterprise Edition instance across regions by using public domain names. For more information, see Configure access over the Internet.

  • Over virtual private clouds (VPCs)

    If you want to access a Container Registry Enterprise Edition instance over VPCs, you must connect the Container Registry Enterprise Edition instance to the VPCs. For more information, see Configure access over VPCs.


After you configure the Container Registry Enterprise Edition instance, you can record the instance information such as the instance ID, instance name, and domain name.

Use Kubernetes to pull images from a Container Registry Enterprise Edition instance without a password

You can add annotations to specify the Container Registry Enterprise Edition instance from which you want to pull images.

Note

You can specify only one Container Registry Enterprise Edition instance when you use Kubernetes. If you have multiple Container Registry Enterprise Edition instances that contain different images, we recommend that you push the images to one Container Registry Enterprise Edition instance. If you want to configure multiple Container Registry Enterprise Edition instances, we recommend that you call API operations.

Examples

  1. Prepare a YAML file.

    The following YAML file named test_cri.yaml is used as an example:

    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        k8s.aliyun.com/acr-instance-id: "cri-j36zhodptmyq****"      # Specify the ID of a Container Registry Enterprise Edition instance.
      name: cri-test
    spec:
      containers:
      - image: test****-registry.cn-beijing.cr.aliyuncs.com/eci_test/nginx:1.0   # Pull an image over the Internet.
        imagePullPolicy: Always
        name: nginx
      restartPolicy: Never

    Note

    You can pull images from a Container Registry Enterprise Edition instance that resides in a region different from the region of the pod that you want to deploy. To do this, you must add the region ID of the Container Registry Enterprise Edition instance before the ID of the Container Registry Enterprise Edition instance. Example: k8s.aliyun.com/acr-instance-id: "cn-beijing:cri-j36zhodptmyq****".

  2. Create a pod.

    kubectl apply -f test_cri.yaml
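
A pre-deploy check for the annotation format and the cross-region rule described above, as an added example that is not part of the original page or of Alibaba Cloud tooling. It assumes the instance uses its default domain in the form shown in test_cri.yaml; `check_pod`, `pod_region` and the `-vpc` domain variant are assumptions of this example.

```python
import re

ANNOTATION = "k8s.aliyun.com/acr-instance-id"
# Value: [region-id:]cri-<id>. '*' is accepted only because the page masks its samples.
INSTANCE_RE = re.compile(r"^(?:(?P<region>[a-z0-9-]+):)?cri-[a-z0-9*]+$")
# Default instance domain as on the page: <name>-registry.<region-id>.cr.aliyuncs.com
# The "-vpc" variant for VPC access is an assumption, not shown on the page.
HOST_RE = re.compile(
    r"^[a-z0-9*-]+-registry(?:-vpc)?\.(?P<region>[a-z0-9-]+)\.cr\.aliyuncs\.com$")


def check_pod(pod, pod_region):
    """Return findings for one Pod manifest (dict); an empty list means OK."""
    meta = pod.get("metadata", {})
    value = (meta.get("annotations") or {}).get(ANNOTATION)
    if value is None:
        return [f"missing annotation {ANNOTATION}"]
    m = INSTANCE_RE.match(value)
    if m is None:
        return [f"malformed value {value!r}, expected [region-id:]cri-..."]
    # Without a region prefix the instance is taken to be in the pod's region.
    instance_region = m.group("region") or pod_region
    findings = []
    for c in pod.get("spec", {}).get("containers", []):
        host = c["image"].split("/", 1)[0]
        h = HOST_RE.match(host)
        if h is None:
            findings.append(f"{c['name']}: {host} is not an instance domain")
        elif h.group("region") != instance_region:
            findings.append(
                f"{c['name']}: image is in {h.group('region')} but the "
                f"annotation resolves to {instance_region}")
    return findings


# Constructed sample: the page's test_cri.yaml expressed as a dict.
SAMPLE = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "cri-test",
                 "annotations": {ANNOTATION: "cri-j36zhodptmyq****"}},
    "spec": {"restartPolicy": "Never", "containers": [{
        "name": "nginx", "imagePullPolicy": "Always",
        "image": "test****-registry.cn-beijing.cr.aliyuncs.com/eci_test/nginx:1.0"}]},
}

if __name__ == "__main__":
    print(check_pod(SAMPLE, "cn-beijing"))   # pod and instance in the same region
    print(check_pod(SAMPLE, "cn-hangzhou"))  # cross-region pull, prefix missing
```

A finding for the second call means the annotation needs the region prefix, as in "cn-beijing:cri-j36zhodptmyq****".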