Kubernetes

Kubernetes - Private Repository 저장소에서 이미지 가져오기

choko's avatar
choko
Jun 29, 2024
Kubernetes - Private Repository 저장소에서 이미지 가져오기
 
  • ECR같은 Private 컨테이너 저장소에서 쿠버네티스에서 사용할 이미지를 가져오기 위해서는, 인증 과정이 필요하다.
      • https://kubernetes.io/ko/docs/tasks/configure-pod-container/pull-image-private-registry/
      1. aws & docker 로그인
      aws configure

AWS_ACCESS_KEY_ID={{ACCESS_KEY}}
AWS_SECRET_ACCESS_KEY={{SECRET_KEY}}
REGION=ap-northeast-2
       
      PUSH_ECR=000000000000.dkr.ecr.ap-northeast-2.amazonaws.com
export AWS_ACCESS_KEY_ID={{ACCESS_KEY}}
export AWS_SECRET_ACCESS_KEY={{SECRET_KEY}}

aws ecr get-login-password --region=ap-northeast-2 | \
docker login -u AWS --password-stdin https://${PUSH_ECR}
       
      1. secret 생성 → --from-file=.dockerconfigjson={.docker/config.json 경로 }
      kubectl create secret generic ecr-pull-secret-ap-northeast-2 \
    --from-file=.dockerconfigjson=/home/ubuntu/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson \
    --namespace=mdl

      docker 토큰 - mac 확인 후 osxkeychain 삭제로 토큰 갱신 확인

      {
    "auths": {
        "00000000000.dkr.ecr.ap-northeast-2.amazonaws.com": {
            "auth": "eyJwYXlsb2FkIjoiZWE4SVZNUGxiajl5RUthYTZEd3RienpBUkZhbnV4Wk5jUVZqV2R4NGl1NUc1elFDV05WMTFOZUk4M1c4WTlMcStuVHA0WkdPZ2FDY0ZVRnpDVnNNQzB2UnJrUkNSUEZVOFc5b2JkRVFyTTlZbXRMZE5CcEx0N0I5dVduNzlGRmJFNWxPOXlYYzQ0bWR6bVpwWGdhb3ZOUklBbjZ6bGNlMXRlK0p5Z0ZkQ1dqNkYrNzFLbzhBRGZCM1cvd3ozTm5UY2VLRHBjOVpkQ2EzM1Q4QnRVRU1jdEVFTG9DOWc2Zno3RkRweFU3UUpjUWlpNUpobmdEdmZyZXdEOUhoMHN4MGc1a09OMEhHR1JqSi9QL3BmRVpMcXhQK2FTend0UTdSWUEvY0FSa0phNTllSGFUK3g4Vks3QU5BODZKdExJRitmbGxLTk9KdHZzdWZNdThKQ0Q1b3Bnd3JNbVF5M3FldmFuZklFL3luQ0tYWGt0cmtMM1JQY0F4RHlhZmZvR1l0QmlwQzR6aWROZjlRVkI1WldRaG1KWkcyOTlsMzJhbzVmeEZyVlJmYy85dDFsTjNkVjJ2SkFWMUlYNXlMek11NGFBTVRXSSsrMFp6QUFjbGtxWE9oWERVUHNObkx1cUdFWnJGaXU4WmgxOWp4VFlmdkw2elZiUDJySERuVUZINE52Z0pTRmx4NEU1RGRZL0pUL1c2bm5DVHovWmw1T2hmNlM1MENkdWNlMmVXdUZRbkIvSVkyeHVnTitZK1phVmU0QnRhMHZtdWxzaVRXUFFXamt2OThUWGExMWduQ1JhYkN4UzUxdW9TSDRvRWtvdGVOMy9IajlnT1hjZVVHVlNCa1R6NDc2NzM0TE8rRitMajZnWHJPdHE1WTRkeFA5cEZvZS9SVjZoSDkvT2xxSk1hOUY5eW8vQXkvMk1IcXhod3BQampsQ1lQK09LN0xPQlg2VnplV3p0di9iZUtvRGFLeVNmQzQxejFtZWxiKzFVWDlHM1pqeVhHT3lMNHFla1B4VXMzS29VVFlYSFhlbHNCcXZQQkpFQ3FOakJEc3h0Ti9DZ05JWlc1eWhDMUJGKzVyWk5ZTm40UmRyWGNTd2UrbUx0TmZRbVNKeDhZb1Z1azdWNHBqOEoxZDZNcno3cWhSbE9CcXVnNVFwZDdvOTNtSlpHWUNmNWpRVm9XYmxobTNOMDVja2RFWFJaRnB0YlVpK2tCVUxSelB6SU9CMm9RcE03MnNNSVVJUm1jd0ppdTJpQ1pLVVJoTEw4WmhESUkyUVVVdmZPWnpORTQrVytiUUtleWd3U2dCL0tDdk9sNEs0WDFmallKRWZNMkxpOXdlVG1QQ0hNUXJCU2FRRUZEZC9EZ3ZQZWp3bm1rMSt4N1R3WGU1MVk4SGRlVmxVMExTajJGUUM5Q2xkdVo3aE9wSkRxajdKUzA9IiwiZGF0YWtleSI6IkFRSUJBSGhBT3NhVzJnWk4wOVdOdE5Ha1ljOHFwMTF4U2haL2RyRUVveTFIazhMWFdnSFpyVFBVQi91Z0Z6MFl3Y0UwekZ4dkFBQUFmakI4QmdrcWhraUc5dzBCQndhZ2J6QnRBZ0VBTUdnR0NTcUdTSWIzRFFFSEFUQWVCZ2xnaGtnQlpRTUVBUzR3RVFRTVFscWU3Sk1JVUd6RmIyVjBBZ0VRZ0R2dkdZOGIwS1BNaUhWQXpka0x0aGw5S0dTcXZYYnk1Qzl5Wlh4S203NlJYNjByMlo5TG4ydlFrT2hRT3ZYSEJXdDRQdklXNDNYR3lpeHltdz09IiwidmVyc2lvbiI6IjIiLCJ0eXBlIjoiREFUQV9LRVkiLCJleHBpcmF0aW9uIjoxNzA2MDM5NDE0fQ=="
        }
    },
    //"credsStore": "osxkeychain" // check
    "credsStore": "" 
}
    • 주의 - mac OS의 경우, auth 부분이 비워져 있는 경우가 있음.
      • 이 경우, credsStore의 osxkeychain 부분을 삭제 후 다시 token을 발급받아 auth token이 정상적으로 채워져 있는지 확인한다.
       
       
      1. serviceaccount 
      for svac in ${serviceaccounts}; do
  kubectl patch serviceaccount "$svac" \
          --patch='{"imagePullSecrets": [{"name": "ecr-pull-secret-ap-northeast-2"}]}' \
          --namespace=mdl
done
    • 서비스 어카운트가 imagePullSecrets를 해야, 해당 secret(ecr-pull-secret-ap-northeast-2) 에서 token을 받아와 인증할 수 있다.
      •  
      1. 쿠버네티스 yaml 파일에서 imagePullPolicy 체크 후 이미지를 다시 받아온다.
      imagePullPolicy: Always
       
Share article

More articles

See more posts

Kubernetes - PersistentVolume - NFS적용

June 29, 2024
Kubernetes - PersistentVolume - NFS적용

Kubernetes - Secret

June 29, 2024
Kubernetes - Secret

Kubernetes - Helm

June 29, 2024
Kubernetes - Helm

Kubernetes - 쿠버네티스 다중 클러스터 구성하기

June 29, 2024
Kubernetes - 쿠버네티스 다중 클러스터 구성하기

Tom의 TIL 정리방

RSS·Powered by Inblog