v2.0
v1.0
  1. Release Notes
    1. Release Notes - 2.0.2Latest
    1. Release Notes - 2.0.1
    1. Release Notes - 2.0.0
  1. Introduction
    1. Introduction
    1. Features
    1. Architecture
    1. Advantages
    1. Glossary
  1. Installation
    1. Intruction
      1. Intro
      2. Port Requirements
    1. Install on Linux
      1. All-in-One Installation
      2. Multi-Node Installation
      3. Installing HA Master and Etcd Cluster
      4. Storage Configuration Instruction
    1. Install on Kubernetes
      1. Prerequisites
      2. Online Installation
      3. Offline Installation
    1. Related Tools
      1. Integrating Harbor Registry
    1. Cluster Operation
      1. Adding New Nodes
      2. High Risk Operation
      3. Uninstalling KubeSphere
  1. Quick Start
    1. Getting Started with Multitenancy
    1. Exposing your APP using Ingress
    1. Deploying a MySQL Application
    1. Deploying a Wordpress Website
    1. Job to compute π to 2000 places
    1. Deploying Grafana using APP Template
    1. Creating Horizontal Pod Autoscaler
    1. S2i: Publish your app without Dockerfile
    1. Canary Release of Microservice APP
    1. CI/CD based on Spring Boot Project
    1. Building a Pipeline in a Graphical Panel
    1. CI/CD based on GitLab and Harbor
    1. Ingress-Nginx for Grayscale Release
  1. Cluster Admin Guide
    1. Multi-tenant Management
      1. Overview of Multi-tenant Management
      2. Overview of Role Management
    1. Platform Management
      1. Account Management
      2. Platform Roles Management
    1. Infrastructure
      1. Service Components
      2. Nodes
      3. Storage Classes
    1. Monitoring Center
      1. Physical Resources
      2. Application Resources
    1. Application Repository
    1. Jenkins System Settings
  1. User Guide
    1. Application Template
    1. Workloads
      1. Deployments
      2. StatefulSets
      3. DaemonSets
      4. Jobs
      5. CronJobs
    1. Storage
      1. Volumes
    1. Network & Services
      1. Services
      2. Routes
    1. Configuration Center
      1. Secret
      2. ConfigMap
      3. Image Registry
    1. Project Settings
      1. Basic Information
      2. Member Roles
      3. Project Members
      4. Internet Access
    1. DevOps Project
      1. DevOps Project Management
      2. DevOps Project Management
      3. DevOps Project Management
      4. DevOps Project Management
      5. DevOps Project Management
  1. Development Guide
    1. Preparing the Development Environment
    1. Development Workflow
  1. API Documentation
    1. API Guide
    1. How to invoke KubeSphere API
KubeSphere®️ 2020 All Rights Reserved.

Image Registry

A Docker image is a read-only template that can be used to deploy container services, each with a specific unique identifier (i.e. Image name:Tag). For example, an image can contain a full Ubuntu operating system environment with only Apache or other applications that users need. The image registry is used to store and distribute Docker images.

Create a Secret

Sign in with project-regular, enter into one project (e.g. demo-namespace), then select Configuration Center → Secrets.

Click Create Secret button, then fill in the basic information in the pop-up window.

Edit Mode

Add the QingCloud Docker Hub

  1. On the basic information page, enter the name of the QingCloud Docker Hub, you can also fill in the description as your needs.
  • Name: A concise and clear name for this registry, which is convenient for users to browse and search, e.g. dockerhub-qingcloud.
  • Alias: Helps you better distinguish resources and supports Chinese.
  • Description: A brief introduction to registry.

Click Next when you're done.

QingCloud Docker Hub

  1. In the Secret Settings table, select Image Repository Secret as the type, then fill in the account authentication information of the image registry.
  • Registry Address: Use QingCloud image registry address dockerhub.qingcloud.com as an example.
  • Username/Password: Enter guest / guest
  • Email: Fill in your personal email address

  1. Click Create, then redirect to the secrets list to view the creation results.

ecrets list

Add the Docker Hub

If you need to add Dokcer Hub as the image registry, first make sure you have already registered your account in Docker Hub. Then reference the same steps as above, fill in docker.io as the image registry address, and enter your personal DockerHub username and password.

Add the Docker Hub

Add the Harbor

Intro

Harbor is an an open source trusted cloud native registry project that stores, signs, and scans content. Harbor extends the open source Docker Distribution by adding the functionalities usually required by users such as security, identity and management.

Add the Internal Harbor

KubeSphere Installer has integrated Harbor's Helm Chart, which is an optional installation item, so it requires to enable the installation in advance, users can configure the installation according to the needs of the teams. Before start installation, you just need to configure in conf/vars.yml, see Integrating Harbor registry.

Connect the External Harbor

According to the address type of the Harbor, you need to divide into http and https:

http
  1. You need to modify the Docker configuration in all nodes of the cluster. For example, if there is an external harbor registry and its IP is http://139.198.16.232, then you need to add a field as --insecure-registry=139.198.16.232 into /etc/systemd/system/docker.service.d/docker-options.conf.

Sample

[Service]
Environment="DOCKER_OPTS=--registry-mirror=https://registry.docker-cn.com --insecure-registry=10.233.0.0/18 --graph=/var/lib/docker --log-opt max-size=50m --log-opt max-file=5 \
--insecure-registry=139.198.16.232"
  1. Next, you need to reload the configuration file and restart Docker.
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
  1. Then, fill in the authentication information needed for the Harbor in Secret Settings, such as the IP address and user credentials, and click Create to create Harbor image registry.

https
  1. For an image registry of the https protocol, firstly you need to get the image registry certificate, notes as ca.crt. Take the URL https://harbor.openpitrix.io as an example, you need to execute following command to all the nodes in the cluster:
$ sudo cp ca.crt /etc/docker/certs.d/harbor.openpitrix.io/ca.crt
  • If it still reports permission errors, you need to execute following command according to different operating systems:

UBUNTU

$ sudo cp ca.crt /usr/local/share/ca-certificates/harbor.openpitrix.io.ca.crt
$ sudo update-ca-certificates

RED HAT ENTERPRISE LINUX

$ sudo cp ca.crt /etc/pki/ca-trust/source/anchors/harbor.openpitrix.io.ca.crt
$ sudo update-ca-trust
  1. Next, you need to reload the configuration file and restart Docker when you're done, see Docker Documentation:
$ sudo systemctl systemctl daemon-reload
$ sudo systemctl restart docker
  1. Then fill in the authentication information needed for the image registry in KubeSphere console, and refer to the above steps of adding Docker Hub to create a Harbor image registry.

Using a Image Registry

Take the creation of a deployment as an example to demonstrate how to use the image registry and pull images from the registry. For example, there is a image mysql:5.6 in QingCloud image registry. When creating a Deployment, enter dockerhub.qingcloud.com/mysql:5.6 in the Pod template, the format is image registry address:tag, this image could be pulled from the pointed registry after the workload has been created.

Using a Image Registry