Password - Free Image Pulling
Overview
By installing the password-free pulling plug-in, cube-credential-helper, the CCSE cluster can pull private images from both the Enterprise and Personal editions of the Cloud Container Repository without requiring passwords. This simplifies the process of publishing workloads.
Install
Log in to the CCSE console
Click Cluster in the left navigation pane
In the Cluster Management page, click the name of an existing cluster to access the Cluster Information page
In the left navigation pane, click Plug-in - Plug-in Market. Find the cube-credential-helper plug-in on the page and install it:
Usage Steps
Before You Begin
• A Cloud Container Repository instance has been created.
Configuration Parameters
The namespaces and serviceAccounts parameters are used to specify the namespace and serviceAccount where the plug-in takes effect.
#### Enable the password-free pulling plug-in for specified namespaces in the cluster #### The default value is "default". When set as "*", it indicates that password-free pulling is expected to be enabled for all Namespaces. If you need to configure multiple Namespaces, separate them with a half-width comma (,). namespaces: "default" #### Enable the password-free pulling plug-in for specified ServiceAccount in the cluster #### The default value is "default". When set as "*", it supports all ServiceAccount within the specified namespace. If you need to configure multiple ServiceAccounts, separate them with a half-width comma (,). serviceAccounts: "default"
The credentials parameter specifies the image pull credentials. Please note, you need to fill in the actual Intranet address, username, and password of the CRS instance. Otherwise, the password-free pulling plug-in will not take effect.
#### Image pull credentials, supporting multiple configurations. Replace the Intranet address of the CRS instance, username, and password in the following example with actual values. credentials: - registry: " registry-vpc-crs-huadong1.ctyun.cn" # Intranet address of the CRS instance username: "username" # Username of the CRS instance password: "password" # Password of the CRS instance
Verification of Password-Free Pulling
In the CCSE console, create a new workload using the namespace and serviceAccount specified by the plug-in (when not explicitly specified, the workload defaults to using the default serviceAccount).
When pulling private images from the image service instance specified by the plug-in, you can successfully pull the image and run it without needing image pulling credentials.
Note that when creating a new workload, you should not specify image pulling credentials, as this will override the configuration of the plug-in and may cause the image pulling to fail.
Modify Configuration
After the plug-in installation, if you need to modify the plug-in configuration, you can find the cube-credential-helper configuration item under the kube-system namespace in the Configuration Management - Configuration Items page:
Then modify the variable in appConfig. yaml:
After modifications are made, it takes approximately one minute for the changes to take effect. Ensure that the format of the configuration is correct; otherwise, the configuration will not take effect.