k8s & docker registry
This commit is contained in:
parent
d35bdd7f70
commit
c5bc8201ae
Binary file not shown.
|
@ -0,0 +1,85 @@
|
||||||
|
\documentclass{article}
|
||||||
|
\usepackage{listings}
|
||||||
|
\usepackage{xcolor}
|
||||||
|
|
||||||
|
\title{Docker Image Deployment and Kubernetes Configuration}
|
||||||
|
\author{Your Name}
|
||||||
|
\date{\today}
|
||||||
|
|
||||||
|
\lstset{
|
||||||
|
basicstyle=\ttfamily,
|
||||||
|
keywordstyle=\color{blue},
|
||||||
|
commentstyle=\color{gray},
|
||||||
|
stringstyle=\color{orange},
|
||||||
|
breaklines=true,
|
||||||
|
frame=single,
|
||||||
|
language=bash
|
||||||
|
}
|
||||||
|
|
||||||
|
\begin{document}
|
||||||
|
|
||||||
|
\maketitle
|
||||||
|
|
||||||
|
\section*{Instructions}
|
||||||
|
|
||||||
|
\textbf{Prerequisites:} Docker, Kubernetes, BusyBox, and OpenSSL installed, along with a working directory containing a Dockerfile.
|
||||||
|
|
||||||
|
\begin{enumerate}
|
||||||
|
\item \textbf{Run a Local Docker Registry (without authentication):}
|
||||||
|
\begin{lstlisting}
|
||||||
|
docker run -d -p 5000:5000 --name registry registry:2
|
||||||
|
\end{lstlisting}
|
||||||
|
This command starts a registry container on \texttt{localhost:5000}.
|
||||||
|
|
||||||
|
\item \textbf{Optional: Enable Authentication for the Local Registry}
|
||||||
|
|
||||||
|
If you want to secure your local registry with a username and password, follow these steps:
|
||||||
|
|
||||||
|
\begin{enumerate}
|
||||||
|
\item \textbf{Create a User and Password Hash with BusyBox:}
|
||||||
|
Generate a hashed password for `passpass` and store it in the `htpasswd` file:
|
||||||
|
\begin{lstlisting}
|
||||||
|
mkdir -p /home/user/auth
|
||||||
|
echo "user:$(busybox mkpasswd -m sha256 -S $(openssl rand -hex 6) passpass)" > /home/user/auth/htpasswd
|
||||||
|
\end{lstlisting}
|
||||||
|
This command generates a hashed password `passpass` for the username `user`.
|
||||||
|
|
||||||
|
\item \textbf{Run the Registry with Authentication:}
|
||||||
|
Restart the registry container to require authentication.
|
||||||
|
\begin{lstlisting}
|
||||||
|
docker stop registry
|
||||||
|
docker rm registry
|
||||||
|
docker run -d -p 5000:5000 --name registry \
|
||||||
|
-v /home/user/auth:/auth \
|
||||||
|
-e "REGISTRY_AUTH=htpasswd" \
|
||||||
|
-e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
|
||||||
|
-e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" \
|
||||||
|
registry:2
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{enumerate}
|
||||||
|
|
||||||
|
\item \textbf{Build and Push Docker Image to Local Registry:}
|
||||||
|
\begin{lstlisting}
|
||||||
|
docker build -f Dockerfile -t localhost:5000/my-app:latest ..
|
||||||
|
docker push localhost:5000/my-app:latest
|
||||||
|
\end{lstlisting}
|
||||||
|
|
||||||
|
\item \textbf{Configure Kubernetes to Use the Local Registry (if using authentication):}
|
||||||
|
Create a Kubernetes secret with credentials to access the registry:
|
||||||
|
\begin{lstlisting}
|
||||||
|
kubectl create secret docker-registry regcred \
|
||||||
|
--docker-server=localhost:5000 \
|
||||||
|
--docker-username=user \
|
||||||
|
--docker-password=passpass \
|
||||||
|
--docker-email=user@example.com
|
||||||
|
\end{lstlisting}
|
||||||
|
This secret can be referenced by Kubernetes to pull the image from the secured local registry.
|
||||||
|
|
||||||
|
\item \textbf{Deploy a Pod Using the Image from the Local Registry:}
|
||||||
|
\begin{lstlisting}
|
||||||
|
kubectl run my-app --image=localhost:5000/my-app:latest --image-pull-policy=IfNotPresent
|
||||||
|
\end{lstlisting}
|
||||||
|
\end{enumerate}
|
||||||
|
|
||||||
|
\end{document}
|
||||||
|
|
Loading…
Reference in New Issue