You can pull images from a Container Registry Enterprise Edition instance without a password, which accelerates image pulling. This topic describes how to do so.
Prerequisites
Make sure that the following operations are completed:
Container Registry is activated.
A Resource Access Management (RAM) role is authorized to access Container Registry.
A Container Registry Enterprise Edition instance is created and an image repository is configured. For more information, see Use a Container Registry Enterprise Edition instance to push and pull images.
Background information
Container Registry provides Container Registry Personal Edition instances and Container Registry Enterprise Edition instances. Container Registry Enterprise Edition is an enterprise-grade platform used to manage the lifecycle of cloud-native application artifacts. These artifacts include container images, Helm charts, and Open Container Initiative (OCI) artifacts. Container Registry Enterprise Edition seamlessly integrates with Container Service for Kubernetes (ACK) and helps simplify application delivery for enterprises in large-scale business deployment scenarios. For more information, see What is Container Registry?
You can pull images from a Container Registry instance by using one of the following methods:
For images in a Container Registry Personal Edition instance that belongs to the same account as the elastic container instance, you can pull the images without using a password.
For Docker images, you cannot pull the images without a password. When you call an API operation to create an elastic container instance, you can use the ImageRegistryCredential parameter to specify a password.
Pull images from a Container Registry Enterprise Edition instance without a password
In the Container Registry console, find the instance that you want to manage and configure network access control based on the following information:
Over the Internet
After you enable Internet access, you can access images in the Container Registry Enterprise Edition instance across regions by using public domain names. For more information, see Configure access over the Internet.
Over virtual private clouds (VPCs)
If you want to access a Container Registry Enterprise Edition instance over VPCs, you must connect the Container Registry Enterprise Edition instance to the VPCs. For more information, see Configure access over VPCs.
After you configure the Container Registry Enterprise Edition instance, you can record the instance information such as the instance ID, instance name, and domain name.
Use Kubernetes to pull images from a Container Registry Enterprise Edition instance without a password
You can add annotations to specify the Container Registry Enterprise Edition instance from which you want to pull images.
You can specify only one Container Registry Enterprise Edition instance when you use Kubernetes. If you have multiple Container Registry Enterprise Edition instances that contain different images, we recommend that you push the images to one Container Registry Enterprise Edition instance. If you want to configure multiple Container Registry Enterprise Edition instances, we recommend that you call API operations.
Examples
Prepare a YAML file.
The following YAML file named test_cri.yaml is used as an example:
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.aliyun.com/acr-instance-id: "cri-j36zhodptmyq****"    # Specify the ID of a Container Registry Enterprise Edition instance.
  name: cri-test
spec:
  containers:
  - image: test****-registry.cn-beijing.cr.aliyuncs.com/eci_test/nginx:1.0    # Pull an image over the Internet.
    imagePullPolicy: Always
    name: nginx
  restartPolicy: Never
Note: You can pull images from a Container Registry Enterprise Edition instance that resides in a region different from the region of the pod that you want to deploy. To do this, you must add the region ID of the Container Registry Enterprise Edition instance before the ID of the Container Registry Enterprise Edition instance. Example:
k8s.aliyun.com/acr-instance-id: "cn-beijing:cri-j36zhodptmyq****"
Create a pod.
kubectl apply -f test_cri.yaml
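A pre-deployment check for the rules described above, as an added example that is not part of the original documentation: it verifies that the annotation names the instance you recorded, that a cross-region pull carries the region prefix, and that every image comes from that one instance's domain. The function names, the keys of the recorded-info dictionary, the pod_region input, and all sample values are assumptions made for this example.

```python
ANNOTATION = "k8s.aliyun.com/acr-instance-id"  # annotation key used on this page

def parse_instance_annotation(value):
    """Split '[region-id:]instance-id' into (region or None, instance_id)."""
    region, sep, instance_id = value.rpartition(":")
    if not instance_id or (sep and not region):
        raise ValueError(f"malformed {ANNOTATION}: {value!r}")
    return (region or None), instance_id

def check_pod(pod, recorded, pod_region):
    """Return findings for a parsed pod manifest; an empty list means consistent.
    recorded: instance info noted after configuration (key names are this example's).
    pod_region: region the pod is deployed in (an input assumed by this example)."""
    value = pod.get("metadata", {}).get("annotations", {}).get(ANNOTATION)
    if value is None:
        return [f"missing annotation {ANNOTATION}"]
    try:
        region, instance_id = parse_instance_annotation(value)
    except ValueError as exc:
        return [str(exc)]
    findings = []
    if instance_id != recorded["id"]:
        findings.append(f"annotation names {instance_id}, expected {recorded['id']}")
    if region is not None and region != recorded["region"]:
        findings.append(f"region prefix {region} does not match {recorded['region']}")
    if region is None and pod_region != recorded["region"]:
        findings.append("cross-region pull: put the region ID before the instance ID")
    # Only one instance can be named per pod, so every image must be on its domain.
    spec = pod.get("spec", {})
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        host = c["image"].split("/", 1)[0]
        if host != recorded["domain"]:
            findings.append(f"{c['name']}: image host {host} is not {recorded['domain']}")
    return findings

# Constructed sample values, not real instance data.
RECORDED = {"id": "cri-example0000", "region": "cn-beijing",
            "domain": "example-registry.cn-beijing.cr.aliyuncs.com"}
SAMPLE_POD = {
    "metadata": {"name": "cri-test", "annotations": {ANNOTATION: "cri-example0000"}},
    "spec": {"containers": [
        {"name": "nginx", "image": RECORDED["domain"] + "/eci_test/nginx:1.0"},
        {"name": "sidecar", "image": "other-registry.cn-beijing.cr.aliyuncs.com/eci_test/agent:1.0"},
    ]},
}

if __name__ == "__main__":
    for finding in check_pod(SAMPLE_POD, RECORDED, pod_region="cn-hangzhou"):
        print(finding)
```

The function takes an already parsed manifest, so it can be fed the output of any YAML or JSON loader before kubectl apply is run.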