All Products
Search
Document Center

Elastic Container Instance:Use self-managed image repositories

Last Updated:Oct 19, 2022

When you pull an image from a self-managed image repository, the image may fail to be pulled due to different protocols or due to certificate authentication failures. This topic describes how to pull an image from a self-managed image repository to create an elastic container instance or an image cache if the self-managed image repository uses the HTTP protocol or a self-signed certificate.

Description

When you pull an image from a self-managed image repository, an alert event named ErrImagePull may be triggered, and the image cannot be pulled. The following table describes the causes for and solutions to the problem on the premise that the network between Elastic Container Instance and the image repository is connected.

Scenario

Cause

Solution

The self-managed image repository uses the HTTP protocol.

By default, Elastic Container Instances pulls images over HTTPS. Using different protocols causes image pull failures.

Configure Elastic Container Instance to use the HTTP protocol to interact with the image repository.

The self-managed image repository uses the HTTPS protocol, but it uses a self-signed certificate.

The self-managed image repository uses a self-signed certificate. This causes a certificate authentication failure when you pull images from the repository. As a result, the images cannot be pulled.

Configure to skip certificate authentication.

Configurations

When you call the CreateContainerGroup API operation to create an elastic container instance or call the CreateImageCache API operation to create an image cache, if you want to pull an image from a self-managed image repository that uses the HTTP protocol or a self-signed certificate, you must configure the PlainHttpRegistry or InsecureRegistry parameter to prevent image pull failures.

Note

Only when you create the elastic container instance or image cache by calling an API operation, you can configure the PlainHttpRegistry or InsecureRegistry parameter.

Parameter

Type

Example

Description

PlainHttpRegistry

String

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

The address of the self-managed image repository.

When you pull an image from a self-managed image repository that uses the HTTP protocol, you must specify this parameter. This way, Elastic Container Instance uses the HTTP protocol to pull the image. This prevents image pull failures due to different protocols.

InsecureRegistry

String

"harbor***.pre.com,192.168.XX.XX:5000,reg***.test.com:80"

The address of the self-managed image repository.

When you pull an image from a self-managed image repository that uses a self-signed certificate, you must specify this parameter to skip certificate authentication. This prevents image pull failures arising from certificate authentication failures.

Note
  • If you want to pull images for multiple containers from different image repositories, you can specify multiple addresses of image repositories. Separate multiple addresses with commas (,). Example: harbor***.pre.com,192.168.XX.XX.

  • If the image repository address contains a port number, you must specify the address with its port number. For example, if the image repository address is 192.168.XX.XX:5000/nginx:latest, set the parameter to 192.168.XX.XX:5000.

For more information, see: