This topic describes how to create a private image repository in the Container Registry console and use an image in this repository to create an application in the Container Service for Kubernetes (ACK) console.

Create a private image repository

If this is the first time you use the Container Registry console, you will be prompted to activate Container Registry. Click Activate Now, and set a password for logging on to Container Registry.

  1. Log on to the ACK console.
  2. In the left-side navigation pane, choose Marketplace > Alibaba Cloud Container Registry.
  3. In the left-side navigation pane of the Container Registry console, choose Default Instance > Repositories. At the top of the page, select a region to deploy the repository, and then click Create Repository.
  4. In the Create Repository dialog box, set the Namespaces, Repository Name, Summary, and Repository Type parameters. In this example, set Repository Type to Private. Click Next.
    Create a repository
  5. Select Local Repository as the source and click Create Repository.
  6. Go to the Repositories page, select the region and namespace where the repository is created, find the created repository, and click Manage in the Actions column.
  7. On the Details page, click the Guide tab. You can view the instructions about how to use the repository.
    Details of a repository
  8. Log on to the repository through a Linux server and run the following command to upload a local image to this repository:
    sudo docker login --username=abc@aliyun.com registry.cn-hangzhou.aliyuncs.com
    Password:   ## The password that is used to log on to the repository.                                                                              
    Login Succeeded
    docker images            
    # Tomcat is used as an example.
           REPOSITORY       TAG            IMAGE ID            CREATED            SIZE
           tomcat          latest         2d43521f2b1a        6 days ago          463MB
    sudo docker tag [ImageId] registry.cn-hangzhou.aliyuncs.com/[namespace]/tomcat-private:[image tag]           
    sudo docker push registry.cn-hangzhou.aliyuncs.com/[namespace]/tomcat-private:[image tag]
    After a private image is created, the system prints the following output:
    The push refers to a repository [registry.cn-hangzhou.aliyuncs.com/XXX/tomcat-private]
    9072c7b03a1b: Pushed
    f9701cf47c58: Pushed
    365c8156ff79: Pushed
    2de08d97c2ed: Pushed
    6b09c39b2b33: Pushed
    4172ffa172a6: Pushed
    1dccf0da88f3: Pushed
    d2070b14033b: Pushed
    63dcf81c7ca7: Pushed
    ce6466f43b11: Pushed
    719d45669b35: Pushed
    3b10514a95be: Pushed
    V1: digest: sha256:cded14cf64697961078aedfdf870e704a52270188c8194b6f70c778a8289**** size: 2836
  9. Go to the details page of the image repository. In the left-side navigation pane, click Tags. On the Tags page, you can find that the image is uploaded. The tag of the image indicates the image version.
    Tags

Create a private repository Secret

To pull private images, you must use a private repository Secret.

  1. Log on to the ACK console.
  2. In the left-side navigation pane, click Clusters.
  3. On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane, click Configurations.
  5. On the Configurations page, click the Secret tab.
  6. In the upper-right corner of the Secrets tab, click Create.
  7. On the Create page, set the parameters and click OK.
    Configure the Secret
    Parameter Description
    Name The name of the Secret.
    Type The following types of Secret are supported:
    • Opaque: a general Secret. Enter a key and a value. The value must be encoded by using Base64.
    • Private Repository Logon Secret: the credentials that are required to pull images from the private repository. Enter the address, username, and password of the repository.
      Note The username is the full name of your Alibaba Cloud account. The password is the one that is specified for logging on to Container Registry. You can go to the Access Credential page to change the password.
    • TLS Certificate: A Transport Layer Security (TLS) certificate is used to verify user identities.
      • Cert: Enter the content of the TLS certificate.
      • Key: Enter the private key of the TLS certificate.
    Note
    After the Secret is created, you are redirected to the Secrets page. You can find the newly created Secret in the list.Secret list
Note

You can also create a private repository Secret from the command-line interface (CLI). For more information, see Use kubectl to connect to an ACK cluster.

Create an application from the private image repository

  1. Log on to the ACK console.
  2. In the left-side navigation pane, click Clusters.
  3. On the Clusters page, click the name of a cluster or click Details in the Actions column. The details page of the cluster appears.
  4. In the left-side navigation pane, click Workload.
  5. On the Workload page, click the Deployments tab.
  6. In the upper-right corner of the Deployments tab, click Create from Template.
    Note You can also click Create from Image to create an application. For more information, see Use an image secret.
  7. Set Sample Template to Custom and copy the following content to the template.
    apiVersion: apps/v1 
    kind: Deployment 
    metadata: 
      name: private-image
      nameSpace: default  
      labels:  
        app: private-image  
    spec:   
      replicas: 1
      selector:
        matchLabels:
          app: private-image
      template:
        metadata:
          labels:
            app: private-image
        spec:
          containers:
          - name: private-image
            image: registry.cn-hangzhou.aliyuncs.com /[namespace]/tomcat-private:latest
            ports:
            - containerPort: 8080
          imagePullSecrets:
          - name: regsecret
  8. Click Create.
    Go to the Deployments page. You can view the newly created application.private-image

For more information, see Use a private repository.