Pulling an Image from a Self-Managed Image Repository
When an image is pulled from a self-managed image repository, the image may fail to be pulled due to different protocols or certificate authentication failures. In this section, HTTP and a self-issued certificate are used as examples to describe how to create a Deployment or pod by pulling an image from a self-managed image repository.
Configuration Description
|
Annotation |
Example Value |
Configuration Description |
|---|---|---|
|
cci.io/http-registries |
"harbor.***.com,192.168.XX.XX:5000,100.95.XX.XX,http://harbor.***.com" |
If you want to pull an image from a self-managed image repository using HTTP, you need to configure this annotation. The value can contain the https://prefix, port number, and relative path. Use commas (,) to separate multiple addresses, which can be private IP addresses, domain names, or public IP addresses. A maximum of 10 addresses are allowed. |
|
cci.io/insecure-registries |
"harbor.***.com,192.168.XX.XX:5000,100.95.XX.XX,https://harbor.***.com" |
If you want to pull an image from a self-managed image repository using a self-issued certificate, you need to add this annotation to skip certificate authentication. The value can contain the https://prefix, port number, and relative path. Use commas (,) to separate multiple addresses, which can be private IP addresses, domain names, or public IP addresses. A maximum of 10 addresses are allowed. |
- If the image repository address has a port number, the port number must be included. For example, if the image path is 192.168.XX.XX:5000/nginx:latest, cci.io/http-registries can be set to 192.168.XX.XX:5000.
- If HTTP is used, data transmission is not encrypted, and data is vulnerable to man-in-the-middle attacks and lacks identity authentication, which may cause data leak and service loss. HTTPS is recommended.
Example 1: Using HTTP for a Self-Managed Image Repository
- Creating a Deployment with 2 vCPUs and 4-GiB memory
apiVersion: cci/v2 kind: Deployment metadata: labels: app: http name: http spec: replicas: 1 selector: matchLabels: app: http template: metadata: labels: app: http annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/http-registries: 192.168.XX.XX spec: containers: - image: 192.168.XX.XX/harbor/nginx:latest name: container-0 imagePullSecrets: - name: harbor-secret-new - Creating a pod with 2 vCPUs and 4-GiB memory
apiVersion: cci/v2 kind: Pod metadata: annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/http-registries: 192.168.XX.XX name: http spec: containers: - image: '192.168.XX.XX/harbor/nginx:latest' imagePullPolicy: IfNotPresent name: container-1 imagePullSecrets: - name: harbor-secret
Example 2: Using a Self-Issued Certificate for a Self-Managed Image Repository
- Creating a Deployment with 2 vCPUs and 4-GiB memory
apiVersion: cci/v2 kind: Deployment metadata: labels: app: insecure name: insecure spec: replicas: 1 selector: matchLabels: app: insecure template: metadata: labels: app: insecure annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/insecure-registries: 192.168.XX.XX spec: containers: - image: 192.168.XX.XX/harbor/nginx:latest name: container-0 imagePullSecrets: - name: harbor-secret-new - Creating a pod with 2 vCPUs and 4 GiB-memory
apiVersion: cci/v2 kind: Pod metadata: annotations: resource.cci.io/pod-size-specs: 2.00_4.0 cci.io/insecure-registries: 192.168.XX.XX name: insecure spec: containers: - image: '192.168.XX.XX/harbor/nginx:latest' imagePullPolicy: IfNotPresent name: container-1 imagePullSecrets: - name: harbor-secret
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
