Pi Docs
  • Overview
  • What is Pi
  • How It Works
  • Benefits
  • Features
  • Pricing
  • Quota and Limits
  • FAQ
  • Quickstart
    • Install CLI
    • Launch Your First Pod
    • Understand the network
    • Use Volume for Stateful Workload
    • Use Private Image
  • Feature
    • Pod
    • Rootfs
    • Job
    • Volume
    • Floating IP
    • Network
    • Service
    • Secret
    • Region and Zone
  • Reference
    • CLI
      • Info
      • Pod
        • run
        • create
        • delete
        • exec
        • logs
        • get
        • describe
      • Job
        • create
        • delete
        • get
        • describe
      • Service
        • create
        • get
        • describe
        • delete
      • Secret
        • create
        • get
        • describe
        • delete
      • Volume
        • create
        • get
        • delete
      • Floating IP
        • create
        • get
        • name
        • delete
    • API/v1.9
      • Info
        • Get
      • Event
        • Get
      • Pod
        • Create
        • List
        • Read
        • Log
        • Exec
        • Delete
      • Job
        • Create
        • List
        • Read
        • Delete
      • Service
        • Create
        • List
        • Get
        • Delete
      • Secret
        • Create
        • List
        • Get
        • Delete
      • Volume
        • Create
        • List
        • Get
        • Delete
      • Floating IP
        • Create
        • List
        • Get
        • Name
        • Delete
  • FAQ
    • Privacy Policy
    • Terms of Service
    • Acceptable Use Policy
  • Docs version
Powered by GitBook
On this page
  • Pull an Image from a Private Registry
  • Steps to use private image
  • Examples
  • Docker Hub
  • Gitlab
  • GCR
  • ECR
  1. Quickstart

Use Private Image

Pull an Image from a Private Registry

Steps to use private image

  1. get account from image registry

  2. create secret with the above account

  3. create pod with the above secret

Examples

Here are some examples to run pod with private image.

Docker Hub

$ pi create secret docker-registry regcred-dockerhub \
  --docker-username=xjimmyshcn \
  --docker-password='xxxxxxxxxx' \
  --docker-email=xxxxxxxxxx


$ cat pod-dockerhub.yaml
apiVersion: v1
kind: Pod
metadata:
  name: alpine-dockerhub
spec:
  containers:
  - name: alpine
    image: xjimmyshcn/alpine:latest
    command: ['sh', '-c', 'echo The app is running! && sleep 3600']
  imagePullSecrets:
  - name: regcred-dockerhub


//use spec.imagePullSecrets
$ pi create -f pod-dockerhub.yaml

or

//use --image-pull-secrets
$ pi create pod alpine-dockerhub --image=xjimmyshcn/alpine:latest \
  --image-pull-secrets=regcred-dockerhub \
  -- sh -c 'echo The app is running! && sleep 3600'

Gitlab

$ pi create secret docker-registry regcred-gitlab \
  --docker-server=registry.gitlab.com \
  --docker-email=xxxxxxxxxx \
  --docker-username=xjimmy \
  --docker-password='xxxxxxxxxxxx'

//create pod with secret regcred-gitlab

GCR

//get the keyfile.json for GCR, here is an example
$ cat /tmp/keyfile.json
{
  "type": "service_account",
  "project_id": "io",
  "private_key_id": "xxxxx",
  "private_key": "-----BEGIN PRIVATE KEY-----\n.........\n-----END PRIVATE KEY-----",
  "client_email": "xxxxx@xxxxx.iam.gserviceaccount.com",
  "client_id": "xxxxx",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/xxxxx%40xxxxx.iam.gserviceaccount.com"
}

$ pi create secret docker-registry regcred-gcr \
  --docker-server="https://gcr.io"
  --docker-email=none \
  --docker-username=_json_key \
  --docker-password="$(cat /tmp/keyfile.json)"


//create pod with secret regcred-gcr

ECR

//get user account for ECR
$ aws ecr get-login --no-include-email --region ap-southeast-1
docker login -u AWS -p eyJ...OX0= https://xxxxx.dkr.ecr.ap-southeast-1.amazonaws.com

$ ECR_PASSWD="eyJ...OX0= https://xxxxx.dkr.ecr.ap-southeast-1.amazonaws.com"
$ pi create secret docker-registry regcred-ecr \
  --docker-server=https://xxxxx.dkr.ecr.ap-southeast-1.amazonaws.com \
  --docker-email=none
  --docker-username=AWS \
  --docker-password='$ECR_PASSWD' \


//create pod with secret regcred-ecr
PreviousUse Volume for Stateful WorkloadNextFeature

Last updated 6 years ago