Questo contenuto non è disponibile nella lingua selezionata.

Chapter 7. Using image streams with Kubernetes resources


Image streams, being Red Hat OpenShift Service on AWS native resources, work with all native resources available in Red Hat OpenShift Service on AWS, such as Build or DeploymentConfigs resources. It is also possible to make them work with native Kubernetes resources, such as Job, ReplicationController, ReplicaSet or Kubernetes Deployment resources.

7.1. Enabling image streams with Kubernetes resources

When using image streams with Kubernetes resources, you can only reference image streams that reside in the same project as the resource. The image stream reference must consist of a single segment value, for example ruby:2.5, where ruby is the name of an image stream that has a tag named 2.5 and resides in the same project as the resource making the reference.

Important

Do not run workloads in or share access to default projects. Default projects are reserved for running core cluster components.

The following default projects are considered highly privileged: default, kube-public, kube-system, openshift, openshift-infra, openshift-node, and other system-created projects that have the openshift.io/run-level label set to 0 or 1. Functionality that relies on admission plugins, such as pod security admission, security context constraints, cluster resource quotas, and image reference resolution, does not work in highly privileged projects.

There are two ways to enable image streams with Kubernetes resources:

  • Enabling image stream resolution on a specific resource. This allows only this resource to use the image stream name in the image field.
  • Enabling image stream resolution on an image stream. This allows all resources pointing to this image stream to use it in the image field.

Procedure

You can use oc set image-lookup to enable image stream resolution on a specific resource or image stream resolution on an image stream.

  1. To allow all resources to reference the image stream named mysql, enter the following command:

    $ oc set image-lookup mysql

    This sets the Imagestream.spec.lookupPolicy.local field to true.

    Imagestream with image lookup enabled

    apiVersion: image.openshift.io/v1
    kind: ImageStream
    metadata:
      annotations:
        openshift.io/display-name: mysql
      name: mysql
      namespace: myproject
    spec:
      lookupPolicy:
        local: true

    When enabled, the behavior is enabled for all tags within the image stream.

  2. Then you can query the image streams and see if the option is set:

    $ oc set image-lookup imagestream --list

You can enable image lookup on a specific resource.

  • To allow the Kubernetes deployment named mysql to use image streams, run the following command:

    $ oc set image-lookup deploy/mysql

    This sets the alpha.image.policy.openshift.io/resolve-names annotation on the deployment.

    Deployment with image lookup enabled

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: mysql
      namespace: myproject
    spec:
      replicas: 1
      template:
        metadata:
          annotations:
            alpha.image.policy.openshift.io/resolve-names: '*'
        spec:
          containers:
          - image: mysql:latest
            imagePullPolicy: Always
            name: mysql

You can disable image lookup.

  • To disable image lookup, pass --enabled=false:

    $ oc set image-lookup deploy/mysql --enabled=false
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.