1. What secret type must we choose for docker registry?
root@controlplane ~ ➜ k create secret --help
Create a secret with specified type.
A docker-registry type secret is for accessing a container registry.
A generic type secret indicate an Opaque secret type.
A tls type secret holds TLS certificate and its associated key.
Available Commands:
  docker-registry   Create a secret for use with a Docker registry
  generic           Create a secret from a local file, directory, or literal value
  tls               Create a TLS secret

Usage:
  kubectl create secret (docker-registry | generic | tls) [options]
Use "kubectl create secret <command> --help" for more information about a given
command.
Use "kubectl options" for a list of global command-line options (applies to all
commands).
answer : docker-registry
2. We have an application running on our cluster. Let us explore it first. What image is the application using?
root@controlplane ~ ➜ k get pods
NAME READY STATUS RESTARTS AGE
web-758bd846c-hbvrt 1/1 Running 0 101s
web-758bd846c-vwrrs 1/1 Running 0 101s
root@controlplane ~ ➜ k describe pod web-758bd846c-hbvrt
Name: web-758bd846c-hbvrt
Namespace: default
Priority: 0
Service Account: default
...
Container ID: containerd://f5ea0bf54339cc0af6c66d51ed5bbd6619e46b39d9bccfe0b41773f8c045ba93
Image: nginx:alpine
answer : nginx:alpine
3. We decided to use a modified version of the application from an internal private registry. Update the image of the deployment to use a new image from myprivateregistry.com:5000. The registry is located at myprivateregistry.com:5000. Don't worry about the credentials for now. We will configure them in the upcoming steps.
k edit deployments.apps
...
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: web
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: web
    spec:
      containers:
      - image: nginx:alpine ## -> myprivateregistry.com:5000/nginx:alpine
4. Are the new PODs created with the new images successfully running?
root@controlplane ~ ➜ k get pods
NAME READY STATUS RESTARTS AGE
web-56d568f9f8-xn5q5 0/1 ImagePullBackOff 0 2m9s
web-758bd846c-hbvrt 1/1 Running 0 7m11s
web-758bd846c-vwrrs 1/1 Running 0 7m11s
answer : NO
5. Create a secret object with the credentials required to access the registry.
Name: private-reg-cred
Username: dock_user
Password: dock_password
Server: myprivateregistry.com:5000
Email: dock_user@myprivateregistry.com
root@controlplane ~ ➜ kubectl create secret docker-registry private-reg-cred \
--docker-username=dock_user --docker-password=dock_password \
--docker-server=myprivateregistry.com:5000 \
--docker-email=dock_user@myprivateregistry.com
secret/private-reg-cred created
6. Configure the deployment to use credentials from the new secret to pull images from the private registry
https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
root@controlplane ~ ➜ k edit deployments.apps web
deployment.apps/web edited
....
    spec:
      containers:
      - image: myprivateregistry.com:5000/nginx:alpine
        imagePullPolicy: IfNotPresent
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets: ## added: name private-reg-cred
      - name: private-reg-cred
7. Check the status of PODs. Wait for them to be running. You have now successfully configured a Deployment to pull images from the private registry.
root@controlplane ~ ➜ k get pods
NAME READY STATUS RESTARTS AGE
web-ffd8c976c-8vd84 1/1 Running 0 88s
web-ffd8c976c-st4g8 1/1 Running 0 89s
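The Secret created in step 5, reconstructed offline as an added example (not part of the original post or the lab): it builds the same `kubernetes.io/dockerconfigjson` payload that `kubectl create secret docker-registry` stores, then decodes it again to show that the registry password is only base64-encoded. The function names are made up for this example, and the credential values are assumed to need no JSON escaping.

```shell
#!/usr/bin/env bash
# Added example: what the docker-registry Secret from step 5 contains.

# Single-line base64 (GNU base64 wraps long output by default).
b64() { base64 | tr -d '\n'; }

# Build the .dockerconfigjson document for one registry.
# Assumption: the values contain no characters that need JSON escaping.
dockerconfigjson() {
  local server="$1" user="$2" pass="$3" email="$4" auth
  auth=$(printf '%s:%s' "$user" "$pass" | b64)
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$server" "$user" "$pass" "$email" "$auth"
}

# Emit a Secret manifest equivalent to the kubectl command in step 5.
secret_manifest() {
  local name="$1"; shift
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(dockerconfigjson "$@" | b64)
EOF
}

# Read a manifest on stdin and decode it back to user:password.
# Two base64 decodes are all that is needed; nothing is encrypted.
recover_auth() {
  sed -n 's/^  \.dockerconfigjson: //p' \
    | base64 -d \
    | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' \
    | base64 -d
}

# Lab values from step 5.
manifest=$(secret_manifest private-reg-cred myprivateregistry.com:5000 \
  dock_user dock_password dock_user@myprivateregistry.com)
printf '%s\n' "$manifest"
printf 'recovered: %s\n' "$(printf '%s\n' "$manifest" | recover_auth)"
```

Because the stored value is reversible, anyone with `get` or `list` access to Secrets in the namespace effectively holds the registry credentials.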