Authenticate and manage registry
Authenticate registry
Container Registry is a service for storing and managing Docker container images. After installing Docker in the user environment, authentication is performed through the Docker CLI (Docker Command Line Interface).
Container Registry is a service for storing and managing Docker container images and requires Docker to be installed in the user environment. For detailed instructions on Docker installation, please refer to Docker official documentation.
Create access key
You can create an access key at KakaoCloud Console. For information on how to issue access keys and secret access keys, please refer to API preparation.
Login in to Docker
After creating an access key ID and secret access key, you can log in to Docker using the command. When login is successful, Login Succeeded is displayed.
docker login {project name}.{region name}.kcr.dev --username {access key ID} --password {secret access key}
Set up authentication when pulling Kubernetes images
To pull an image from the Kubernetes you are using, you must set authentication as follows. For details, please refer to Kubernetes official documentation.
-
Create a Secret.
- The
--docker-usernameand--docker-passwordparameters enter access key information issued by KakaoCloud Console.
Secret creation commandkubectl create secret docker-registry {Secret name to create} \
--docker-server={project name}.{region name}.kcr.dev \
--docker-username={access key ID} \
--docker-password={secure access key} \
--docker-email={email} \ - The
-
Create a POD.
- When you enter the secret name created in the
imagePullSecretsitem, you can pull the image from Container Registry.
POD creation command$ vi -f my-private-reg-pod.yaml
apiVersion:v1
kind: Pod
metadata:
name: private-reg
spec:
containers:
- name: private-reg-container
image: {project name}.{region name}.kcr.dev/{repository name}/{image name}:{tag name}
imagePullSecrets:
- name: {name of the secret you created}
$ kubectl apply -f my-private-reg-pod.yaml - When you enter the secret name created in the
Manage registry
Here's how to manage the registry in Container Registry > Management menu:
| Item | Description |
|---|---|
| Repository | Number of repositories stored in the registry / maximum number |
| Image | Number of images stored in registry |
| Up to 10,000 images can be created per repository | |
| Storage | Object usage by the registry |
| Garbage collection | When clicking the [Garbage collection] button, a pop-up is displayed to confirm execution |
| In the Garbage Collection pop-up window, enter data deletion and click the [Execute] button. |
Garbage collection
You can run garbage collection to delete layer data in the manifest that does not have a referenced image among the data stored in registry storage. However, this does not affect manifests that contain referenced images.
- When running garbage collection, images with multi-architecture manifests may be deleted, so please be careful when deleting them.
- Registry use, such as repository creation, repository deletion, image push, and tag addition, is restricted until garbage collection is completed.
- After garbage collection is completed, tags cannot be restored to the state they were in before garbage collection was run.
-
Go to Container Pack > Container Registry in the KakaoCloud Console.
-
in the Management menu, click the [Garbage collection] button.
Check Outbound traffic usage
You can check Outbound traffic usage and outbound usage trends for the past three months, etc.
- Outbound traffic is charged according to the Outbound traffic billing policy of the Container Registry.
- Outbound traffic usage information on the monitoring screen may differ slightly from the actual billed usage.
- For storage usage, it takes approximately 30 minutes for actual usage to be collected and reflected.