1. What secret type must we choose for docker registry?
root@controlplane ~ ➜ k create secret --help
Create a secret with specified type.
A docker-registry type secret is for accessing a container registry.
A generic type secret indicate an Opaque secret type.
A tls type secret holds TLS certificate and its associated key.
Available Commands:
docker-registry Create a secret for use with a Docker registry
generic Create a secret from a local file, directory, or literal
value
tls Create a TLS secret
Usage:
kubectl create secret (docker-registry | generic | tls) [options]
Use "kubectl create secret <command> --help" for more information about a given
command.
Use "kubectl options" for a list of global command-line options (applies to all
commands).
answer : docker-registry
2. We have an application running on our cluster. Let us explore it first. What image is the application using?
root@controlplane ~ ➜ k get pods
NAME READY STATUS RESTARTS AGE
web-758bd846c-hbvrt 1/1 Running 0 101s
web-758bd846c-vwrrs 1/1 Running 0 101s
root@controlplane ~ ➜ k describe pod web-758bd846c-hbvrt
Name: web-758bd846c-hbvrt
Namespace: default
Priority: 0
Service Account: default
...
Container ID: containerd://f5ea0bf54339cc0af6c66d51ed5bbd6619e46b39d9bccfe0b41773f8c045ba93
Image: nginx:alpine
answer : nginx:alpine
3. We decided to use a modified version of the application from an internal private registry. Update the image of the deployment to use a new image from myprivateregistry.com:5000. The registry is located at myprivateregistry.com:5000. Don't worry about the credentials for now. We will configure them in the upcoming steps.
k edit deployments.apps
...
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: web
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: web
    spec:
      containers:
      - image: nginx:alpine ## -> myprivateregistry.com:5000/nginx:alpine
4. Are the new PODs created with the new images successfully running?
root@controlplane ~ ➜ k get pods
NAME READY STATUS RESTARTS AGE
web-56d568f9f8-xn5q5 0/1 ImagePullBackOff 0 2m9s
web-758bd846c-hbvrt 1/1 Running 0 7m11s
web-758bd846c-vwrrs 1/1 Running 0 7m11s
answer : NO
5. Create a secret object with the credentials required to access the registry.
Name: private-reg-cred
Username: dock_user
Password: dock_password
Server: myprivateregistry.com:5000
Email: dock_user@myprivateregistry.com
root@controlplane ~ ➜ kubectl create secret docker-registry private-reg-cred \
--docker-username=dock_user --docker-password=dock_password \
--docker-server=myprivateregistry.com:5000 \
--docker-email=dock_user@myprivateregistry.com
secret/private-reg-cred created
6. Configure the deployment to use credentials from the new secret to pull images from the private registry
https://kubernetes.io/docs/concepts/containers/images/#referring-to-an-imagepullsecrets-on-a-pod
root@controlplane ~ ➜ k edit deployments.apps web
deployment.apps/web edited
....
    spec:
      containers:
      - image: myprivateregistry.com:5000/nginx:alpine
        imagePullPolicy: IfNotPresent
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets: ## added: name private-reg-cred
      - name: private-reg-cred
7. Check the status of PODs. Wait for them to be running. You have now successfully configured a Deployment to pull images from the private registry.
root@controlplane ~ ➜ k get pods
NAME READY STATUS RESTARTS AGE
web-ffd8c976c-8vd84 1/1 Running 0 88s
web-ffd8c976c-st4g8 1/1 Running 0 89s
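An added example (not part of the original walkthrough) that rebuilds offline the object created in step 5: a Secret of type `kubernetes.io/dockerconfigjson`. It then decodes the Secret again to show that the registry credentials are only base64-encoded, not encrypted. The function names are made up for this sketch, and it assumes the values contain no characters that need JSON escaping.

```shell
#!/usr/bin/env bash
# Added example: offline reconstruction of what
# `kubectl create secret docker-registry` stores. Helper names are hypothetical.

# base64-encode a string on one line (GNU base64 wraps at 76 columns).
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Build the JSON kept under the ".dockerconfigjson" key.
# Args: server username password email
dockerconfigjson() {
  printf '{"auths":{"%s":{"username":"%s","password":"%s","email":"%s","auth":"%s"}}}' \
    "$1" "$2" "$3" "$4" "$(b64 "$2:$3")"
}

# Emit the declarative equivalent of step 5.
# Args: name server username password email
secret_manifest() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $1
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: $(b64 "$(dockerconfigjson "$2" "$3" "$4" "$5")")
EOF
}

# Read a manifest on stdin and print "username:password".
# Two base64 decodes are all it takes, so read access to the Secret
# (RBAC get/list on secrets, or a manifest committed to a repository)
# is read access to the registry password.
recover_credentials() {
  awk '/\.dockerconfigjson:/ {print $2}' | base64 -d \
    | sed -n 's/.*"auth":"\([^"]*\)".*/\1/p' | base64 -d
}

# Demo with the lab's values from step 5.
secret_manifest private-reg-cred myprivateregistry.com:5000 \
  dock_user dock_password dock_user@myprivateregistry.com
```

On the lab cluster the same data can be inspected with `kubectl get secret private-reg-cred -o jsonpath='{.data.\.dockerconfigjson}' | base64 -d`.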