The Image Registry service is provided using the open source project Harbor. It provides storage functions and user authentication functions for Docker Image management.
You can create a Public/Private project to manage images in order to provide services to multiple users. For additional information, refer to the guide below or the user guide on the open source project site.
To use the service, click Image Registry in the ZCP Console side menu.
TABLE OF CONTENTS
Create an account
Cluster administrators can register arbitrary users directly. After logging in as an administrator, click the Administration > Users > NEW USER button as shown below.
Enter the user information as shown below and click the OK button to create the user.
Create a public project
You can separate the image storage by project. You can set the project type to Public or Private, and there are the following differences.
User Distinction | authority | Public | Private |
---|---|---|---|
Anonymous user | Pull (Read) | O | X |
Push (Write) | X | X | |
Login User | Pull (Read) | O | X |
Push (Write) | X | X |
Select the Projects menu and click the NEW PROJECT button.
Enter the Project Name, check the Public menu, and click the OK button.
If you check Public in the Access level, anyone can see the project. However, you must be a project member to push images.
If you do not check Public in the Access level, it will be created as Private and anyone who is not a project member will not be able to see the project.
This is what the project looks like when it's created.
Click on the Project name and click on the PUSH IMAGE menu on the right to see the docker command to upload an image to this project.
Push Image to Project
With Docker Client...
Log in to the Image Registry
To push an image to a public project or pull or push an image to a private project, you must log in to the Image Registry.
You can log in immediately by executing the following command. You must be registered as a project member to log in.
$ docker login [IMAGE_REGISTRY_URL] Username: # Image Registry 사용자 계정 Password: # Image Registry 사용자 비밀번호
Push Image
The method for pushing using the Docker command is the same as the existing method for pushing an image. You must perform docker login before pushing.
# 이미지 Tag를 생성합니다. $ docker tag SOURCE_IMAGE[:TAG] [IMAGE_REGISTRY_URL]/[프로젝트명]/IMAGE[:TAG] # 이미지를 Push 합니다. $ docker push [IMAGE REGISTRY URL]/[프로젝트명]/IMAGE[:TAG]
Pull Image
To pull using the Docker command, simply enter an accessible image.
$ docker pull [IMAGE_REGISTRY_URL]/[프로젝트명]/IMAGE[:TAG]
In a Kubernetes Pod...
Creating and registering an ImagePullSecret
When using Private Image Registry in Kubernetes Pod, you need to handle authentication like Docker login. For this, use ImagePullSecret.
Check the Secret created in the namespace with the command below.
$ kubectl get secret --namespace my-namespace NAME TYPE DATA AGE my-docker-secret kubernetes.io/dockerconfigjson 1 1d my-tls-secret kubernetes.io/tls 2 1d
To create a Pod, add a Secret name to imagePullSecrets as shown below, and you can use the image when creating a Pod.
apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: [IMAGE_REGISTRY_URL]/[프로젝트명]/IMAGE[:TAG] imagePullSecrets: - name: my-docker-secret
Project Member Management
To view a project or push an image, you must be registered as a project member.
You can add a member by entering the project as shown in the screen, clicking the Members tab, and pressing the NEW MEMBER button.
You can enter a new Member ID and role as follows:
Here are some things you can do for each role:
역할 | 수행 권한 |
---|---|
Project Admin | When a project is created, the creator is granted permissions. Has Read/Write permissions for the project. Has Add/Delete permissions for project members. |
Developer | Has Read/Write permissions for the project. |
Guest | Has Read permission for the project. |
Online consultation
Contact us