Introduction
The explanation is as follows
Most of the time, developers store their docker images in the Docker Hub. If you are working on a project and you have private images that need to be stored in a private place, most of the time developers configure a nexus server and store it there.
But Google Cloud’s GCR is a perfect solution to this problem. With GCR, you can store, manage, and secure your Docker container images easily. All you want is a service account with proper access permission. GCR is not just a docker repository. You can easily set up CI/CD pipelines with integration to Cloud Build or deploy directly to Google Kubernetes Engine, App Engine, Cloud Functions, or Firebase with GCR.
Server Names
The explanation is as follows
- gcr.io hosts images in data centers in the United States, but the location may change in the future
- us.gcr.io hosts images in data centers in the United States, in a separate storage bucket from images hosted by gcr.io
- eu.gcr.io hosts the images in the European Union
- asia.gcr.io hosts images in data centers in Asia
GCloud and configure
First, we do the following
Go to Google Container Registry (GCR) and enable the Container Registry API.
To log in to the Google account, we do the following
gcloud auth login
Next, we need to access the service. The explanation is as follows
Then run the command to configure authentication with service account credentials. Replace the below variables.
- service_account_name — the name of the service account created in step 01.
- project_id — your project ID
- downloaded_key_file_name — the name of the downloaded key file in step 01.
To access the service, we do the following
gcloud auth activate-service-account <SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com> --key-file=<DOWNLOADED_KEY_FILE_NAME>.json
To add GCR to the Docker configuration, we do the following
gcloud auth configure-docker
The output is as follows
Adding credentials for all GCR repositories.
WARNING: A long list of credential helpers may cause delays running 'docker build'. We recommend passing the registry name to configure only the registry you are using.
After update, the following will be written to your Docker config file located at [/Users/romina/.docker/config.json]:
{
  "credHelpers": {
    "gcr.io": "gcloud",
    "us.gcr.io": "gcloud",
    "eu.gcr.io": "gcloud",
    "asia.gcr.io": "gcloud",
    "staging-k8s.gcr.io": "gcloud",
    "marketplace.gcr.io": "gcloud"
  }
}
Do you want to continue (Y/n)? Y
Docker configuration file updated.
Example
For us-east1, we do the following
gcloud auth configure-docker us-east1-docker.pkg.dev
Pushing an Image to GCR
1. The local image is retagged
2. Then the image is pushed
Example
To retag the local image, we do the following
docker tag hello-world:latest gcr.io/PROJECT_ID/hello-world:v1
To verify, we do the following
docker images
To push, we do the following
docker push gcr.io/PROJECT_ID/hello-world:v1
To verify, we do the following
docker pull gcr.io/PROJECT_ID/hello-world:v1
Example
We do the following
docker tag my-image us-east1-docker.pkg.dev/my-project/my-repo/test-image
docker push us-east1-docker.pkg.dev/PROJECT-ID/REPOSITORY/IMAGE:TAG
Using GCR from Another Kubernetes Environment - imagePullSecrets
Authentication is required to access any GCR.
1. Create Credentials for GCR
The steps are as follows
1. Go to the GCP Console. Select “API & Services” > “Credentials”
2. Select “Create credentials” > “Services Account Key” > “Create New Services Account”.
3. And then, fill the service account name, and for the Role, select the Viewer
4. And click Create. After we create, the credential will automatically be downloaded in a JSON file.
2. Add a Kubernetes Secret in Kubernetes Cluster
Example
We do the following. The secret name is gcr-json-key. The file name is json-key-file-from-gcp.json
$ kubectl create secret docker-registry gcr-json-key \
--docker-server=asia.gcr.io \
--docker-username=_json_key \
--docker-password="$(cat ~/json-key-file-from-gcp.json)" \
--docker-email=any@valid.email
To check the secret, we do the following
$ kubectl get secret
NAME           TYPE                             DATA   AGE
gcr-json-key   kubernetes.io/dockerconfigjson   1      6s
3. Using the Secret for Deployment
There are two options here. They are as follows
- Add the secret into ImagePullSecrets in default service account in a Kubernetes’s namespace. With this method, every pod that will be deployed will use the secret when pulling the images.
- The other way is, add the secret directly to deployment configuration to each pod who needs it.
To add it with the kubectl command, we do the following
$ kubectl patch serviceaccount default \
  -p '{"imagePullSecrets": [{"name": "gcr-json-key"}]}'
To add it to the YAML file, we do the following. Here we can see that something like "gcr.io/PROJECT_ID/hello-world" is used as the image name.
apiVersion: v1
kind: Pod
metadata:
  name: august
spec:
  containers:
    - name: august
      image: asia.gcr.io/personal-project/august:latest
  imagePullSecrets:
    - name: gcr-json-key
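An added example, not part of the original post: the Python sketch below rebuilds the dockerconfigjson layout of the gcr-json-key secret from step 2 and decodes it again. It shows that the whole service account key is only base64-encoded inside the Secret, so an audit can list which account and key id each pull secret carries. The helper names build_pull_secret and audit_pull_secret and the sample key values are constructed for illustration.

```python
import base64
import json

# Constructed sample: field names of a downloaded service account key file, placeholder values.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "PROJECT_ID",
    "private_key_id": "0000placeholder",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "SERVICE_ACCOUNT_NAME@PROJECT_ID.iam.gserviceaccount.com",
})


def build_pull_secret(name, server, key_json, email="any@valid.email"):
    """Build a docker-registry Secret manifest for a _json_key login (hypothetical helper)."""
    auth = base64.b64encode(f"_json_key:{key_json}".encode()).decode()
    cfg = {"auths": {server: {"username": "_json_key", "password": key_json,
                              "email": email, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "metadata": {"name": name},
            "type": "kubernetes.io/dockerconfigjson",
            "data": {".dockerconfigjson": blob}}


def audit_pull_secret(secret):
    """Decode the Secret and report which service account key each registry entry carries."""
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        raise ValueError("not a docker-registry secret")
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    report = []
    for server, entry in cfg.get("auths", {}).items():
        row = {"server": server, "json_key": entry.get("username") == "_json_key",
               "client_email": None, "private_key_id": None, "has_private_key": False}
        if row["json_key"]:
            try:
                key = json.loads(entry.get("password", ""))
            except json.JSONDecodeError:
                key = {}  # password is not a key file; leave the fields empty
            key = key if isinstance(key, dict) else {}
            row["client_email"] = key.get("client_email")
            row["private_key_id"] = key.get("private_key_id")
            row["has_private_key"] = "private_key" in key
        report.append(row)
    return report


if __name__ == "__main__":
    for row in audit_pull_secret(build_pull_secret("gcr-json-key", "asia.gcr.io", SAMPLE_KEY)):
        print(row)
```

The private_key_id in the report is the value to match against the service account's key list when a pull secret has to be rotated.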