Pulling an Image from a Self-Managed Image Repository
When an image is pulled from a self-managed image repository, the image may fail to be pulled due to different protocols or certificate authentication failures. In this section, HTTP and a self-issued certificate are used as examples to describe how to create a Deployment or pod by pulling an image from a self-managed image repository.
Configuration Description
|
Annotation |
Example Value |
Configuration Description |
|---|---|---|
|
cci.io/http-registries |
"harbor.***.com,192.168.XX.XX:5000,100.95.XX.XX,http://harbor.***.com" |
If you want to pull an image from a self-managed image repository using HTTP, you need to configure this annotation. The value can contain the https://prefix, port number, and relative path. Use commas (,) to separate multiple addresses, which can be private IP addresses, domain names, or public IP addresses. A maximum of 10 addresses are allowed. |
|
cci.io/insecure-registries |
"harbor.***.com,192.168.XX.XX:5000,100.95.XX.XX,https://harbor.***.com" |
If you want to pull an image from a self-managed image repository using a self-issued certificate, you need to add this annotation to skip certificate authentication. The value can contain the https://prefix, port number, and relative path. Use commas (,) to separate multiple addresses, which can be private IP addresses, domain names, or public IP addresses. A maximum of 10 addresses are allowed. |
- If the image repository address has a port number, the port number must be included. For example, if the image path is 192.168.XX.XX:5000/nginx:latest, cci.io/http-registries can be set to 192.168.XX.XX:5000.
- If HTTP is used, data transmission is not encrypted, and data is vulnerable to man-in-the-middle attacks and lacks identity authentication, which may cause data leak and service loss. HTTPS is recommended.
Example 1: Using HTTP for a Self-Managed Image Repository
- Creating a Deployment with 2 vCPUs and 4-GiB memory
apiVersion: cci/v2 kind: Deployment metadata: labels: app: http name: http spec: replicas: 1 selector: matchLabels: app: http template: metadata: labels: app: http annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/http-registries: 192.168.XX.XX spec: containers: - image: 192.168.XX.XX/harbor/nginx:latest name: container-0 imagePullSecrets: - name: harbor-secret-new - Creating a pod with 2 vCPUs and 4-GiB memory
apiVersion: cci/v2 kind: Pod metadata: annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/http-registries: 192.168.XX.XX name: http spec: containers: - image: '192.168.XX.XX/harbor/nginx:latest' imagePullPolicy: IfNotPresent name: container-1 imagePullSecrets: - name: harbor-secret
Example 2: Using a Self-Issued Certificate for a Self-Managed Image Repository
- Creating a Deployment with 2 vCPUs and 4-GiB memory
apiVersion: cci/v2 kind: Deployment metadata: labels: app: insecure name: insecure spec: replicas: 1 selector: matchLabels: app: insecure template: metadata: labels: app: insecure annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/insecure-registries: 192.168.XX.XX spec: containers: - image: 192.168.XX.XX/harbor/nginx:latest name: container-0 imagePullSecrets: - name: harbor-secret-new - Creating a pod with 2 vCPUs and 4 GiB-memory
apiVersion: cci/v2 kind: Pod metadata: annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/insecure-registries: 192.168.XX.XX name: insecure spec: containers: - image: '192.168.XX.XX/harbor/nginx:latest' imagePullPolicy: IfNotPresent name: container-1 imagePullSecrets: - name: harbor-secret
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
