Pushing and pulling images
You can push or pull images from your local file system to the private image registry.
Required user type or access level: Cluster administrator or team administrator
- Install Docker on your computer. See Install Docker.
- Configure the Docker CLI. See Configuring authentication for the Docker CLI
- If your cluster uses a high availability architecture, ensure that you mount a shared directory under
/var/lib/registry. See High availability IBM® Cloud Private clusters.
Log in to your private image registry.
docker login <cluster_CA_domain>:8500
<cluster_CA_domain>is the certificate authority (CA) domain that was set in the
config.yamlfile during installation. If you did not specify a CA domain name, the default value is
Push or pull the required image. You must push the image to, or pull the image from, an existing namespace. You can push or pull the image only if the namespace resource is assigned to a team for which you have the correct role. Administrators and operators can push or pull the image. Editors and viewers can pull images. Unless you specify an
imagePullSecret, you can access the image only from the namespace that hosts it. For more information about namespaces, see Namespaces.
If you are using a default
serviceAccountand image in the same namespace, the default service account is automatically configured with a new image pull secret when the image is loaded. In this scenario, the service account is able to pull the image.
Any other service accounts in the same namespace can pull the image only under the following conditions:
- The service account is patched with a valid image pull secret.
- The POD spec includes the name of a valid image pull secret.
The image scope is changed to
globalafter the image is pushed.
To push an image from your local file system to your private image registry, run the following commands. The name of the image that you push must be fewer than 253 characters long.
Tag the image. You can get the
tagnamefor your image by running the
sudo docker tag imagename:tagname <cluster_CA_domain>:8500/namespacename/imagename:tagname
namespacenameis the name of the namespace that you assign the image to.
Push the image to the private image registry.
sudo docker push <cluster_CA_domain>:8500/namespacename/imagename:tagname
By default, the image is added to the
namespace. If you want the image to be available to all namespaces, change its
global. For more details see Changing image scope. The image is stored in a repository that contains only images that are assigned that name.
To pull an image from your private image registry to your local file system, run the Docker pull command.
sudo docker pull <cluster_CA_domain>:8500/namespacename/imagename:tagname
(Optional) Deploy an application or job by using the newly added image. For more information about deploying applications and jobs, see Creating deployments.