You can deploy a number of different kinds of pods hosting different kinds of applications, such as apps, databases, and Redis caches.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
  labels:
    type: nginx-server
spec:
  containers:
    - name: nginx-container
      image: nginx
```
image: nginx is actually docker.io/nginx/nginx
image: docker.io (Registry) / nginx (User/Account) / nginx (Image/Repository)
If you created an account on Docker Hub yourself, the user account that you get is the first part. If you do not provide an account name, it is assumed to be the same as the repository name, which in this case is nginx. If you were to create your own account and your own repositories or images under it, you would use a similar pattern. Now, where are these images stored and pulled from? If you have not specified the location the images are to be pulled from, it is assumed to be Docker's default registry (Docker Hub).
For a private repository
When you have applications built in-house that shouldn't be made available to the public, hosting an internal private registry may be a good solution.
Cloud providers such as AWS, Azure, and GCP provide a private registry for your cloud account by default.
If you choose to make a repository private, you need to access it using a set of credentials. From a Docker perspective, to run a container using a private image, you first log in to your private registry and then run the application using the image from the private registry:

```
$ docker login private-registry.io
Username:
Password:
$ docker run private-registry.io/apps/my-app
```
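In the pod definition file, the image is referenced by its full path in the private registry:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
  labels:
    type: nginx-server
spec:
  containers:
    - name: nginx-container
      image: private-registry.io/apps/my-app
```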
How do we implement the authentication login?
- How does Kubernetes get the credentials to access the private registry?
- In Kubernetes, images are pulled and run by the Docker runtime on the worker node.
We need a secret object with the credentials in it.
```
$ kubectl create secret docker-registry docker-credential \
    --docker-server=private-registry.io \
    --docker-username=user \
    --docker-password=password \
    --docker-email=email
secret/docker-credential created
```

The secret is of type docker-registry and is named docker-credential. docker-registry is a built-in secret type for storing Docker credentials.
Then specify the credential in the pod definition file, under imagePullSecrets:

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: sample-pod
  labels:
    type: nginx-server
spec:
  containers:
    - name: nginx-container
      image: private-registry.io/apps/my-app
  imagePullSecrets:
    - name: docker-credential
```
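What the docker-registry secret created above actually stores, as an added example that is not part of the original page: it rebuilds the Secret manifest (type `kubernetes.io/dockerconfigjson`, data key `.dockerconfigjson`) and decodes it again to show the credentials are only base64-encoded. The function names are hypothetical, and the values are the page's own placeholders.

```python
import base64
import json

SECRET_TYPE = "kubernetes.io/dockerconfigjson"


def build_pull_secret(name, server, username, password, email):
    """Build the Secret manifest that
    `kubectl create secret docker-registry` generates."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    docker_config = {"auths": {server: {
        "username": username, "password": password,
        "email": email, "auth": auth}}}
    payload = json.dumps(docker_config).encode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": SECRET_TYPE,
        "data": {".dockerconfigjson": base64.b64encode(payload).decode()},
    }


def recover_credentials(secret):
    """Decode a docker-registry Secret to {server: (username, password)}.

    No key is needed: the data is base64-encoded, not encrypted."""
    if secret.get("type") != SECRET_TYPE:
        raise ValueError("not a docker-registry secret")
    config = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    creds = {}
    for server, entry in config.get("auths", {}).items():
        if "auth" in entry:
            # "auth" is base64("username:password"); passwords may contain ':'
            user, _, pw = base64.b64decode(entry["auth"]).decode().partition(":")
        else:
            user, pw = entry.get("username"), entry.get("password")
        creds[server] = (user, pw)
    return creds


if __name__ == "__main__":
    # Constructed sample values, matching the placeholders used above.
    secret = build_pull_secret("docker-credential", "private-registry.io",
                               "user", "password", "email")
    print(json.dumps(secret, indent=2))
    print(recover_credentials(secret))
```

Because anyone allowed to read the Secret can recover the registry password this way, limit `get`/`list` on secrets in the namespace with RBAC and use a registry account that has pull-only permissions.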