Container Service for Kubernetes allows you to use image Secrets on the web UI. You can create an image Secret or use an existing image Secret.

Prerequisites

Background information

When you create an application by using a private image, you must configure a Secret for the image to secure the image. In the Container Service console, you can pass the authentication information of the private image repository as a Secret of the docker-registry type to a Kubernetes cluster.

Procedure

  1. Log on to the Container Service console.
  2. In the left-side navigation pane under Container Service - Kubernetes, choose Applications > Deployments. On the Deployments page that appears, click Create from Image in the upper-right corner.
  3. Set the Name, Cluster, Namespace, Replicas, and Type parameters. The Replicas parameter specifies the number of pods contained in the application. Click Next. The Container page appears.
    Note This topic describes how to use an image Secret to create a Deployment application.
    If Namespace is left unspecified, the system uses the default namespace.
  4. Click Next. The Container page appears.
    Note This topic describes only how to configure the image Secret. For more information about the container configuration, see Create deployments by using images.
  5. On the Container page, enter the address of the private image in the Image Name field. The address follows the following format: domainname/namespace/imagename.
    Note Public images do not require Secrets.
  6. Enter the version of the image in the Image Version field.
  7. Click Set ImagePullSecret, and create a Secret or select an existing Secret in the dialog box that appears.
    • You can select New Secret. If you select New Secret, set the following parameters:
      • Name: the Secret name. You can enter a custom name.
      • Repository Domain: the address of the Docker repository. If you use an image repository in Alibaba Cloud Container Registry, the address of the image repository is automatically displayed.
      • Username: the username for logging on to the Docker repository. If you use an image repository in Alibaba Cloud Container Registry, the username is your Alibaba Cloud account name.
      • Password: the password for logging on to the Docker repository. If you use an image repository in Alibaba Cloud Container Registry, the password is the independent logon password of Container Registry.
      • Email: optional. The email address.

      Click OK. The created Secret appears on the page.

    • You can also select Existing Secret. You can use commands or YAML files to create image Secrets. For more information, see How do I use private images in Kubernetes clusters? and Create an application from a private image repository.
  8. After you complete the container configuration, click Next.
  9. Specify other configurations as required. Then, click Create.
  10. Choose Applications > Deployments in the left-side navigation pane, and select the cluster and namespace in which the application is created. On the Deployments page that appears, check the running status of the tomcat application.
    Note The following figure shows that the tomcat application runs properly, which indicates that the Tomcat private image is successfully used through the image Secret.