[cka]kodekloud-Image Security

1. What secret type must we choose for docker registry?

kubectl create secret --help

A) docker registry

 

2. We have an application running on our cluster. Let us explore it first. What image is the application using?

kubectl get pods
kubectl describe pods web-bd975bd87-nj92v

A) nginx:alpine

 

3.We decided to use a modified version of the application from an internal private registry. Update the image of the deployment to use a new image from myprivateregistry.com:5000

The registry is located at myprivateregistry.com:5000. Don't worry about the credentials for now. We will configure them in the upcoming steps.

• Use Image from private registry

k edit deployments web

A) ok

 

4. 이미지 잘 동작하는지?

A) NO

 

5.Create a secret object with the credentials required to access the registry.

Name: private-reg-cred
Username: dock_user
Password: dock_password
Server: myprivateregistry.com:5000
Email: dock_user@myprivateregistry.com

• Secret: private-reg-cred

• Secret Type: docker-registry

• Secret Data

kubectl create secret docker-registry private-reg-cred --docker-username=dock_user --docker-password=dock_password --docker-server=myprivateregistry.com:5000 --docker-email=dock_user@myprivateregistry.com

kubectl get secret

6.Configure the deployment to use credentials from the new secret to pull images from the private registry

• Image Pull Secret: private-reg-cred

kubectl edit deployment web

 

https://kubernetes.io/docs/reference/kubectl/cheatsheet/

kubectl Cheat Sheet

7. Check the status of PODs. Wait for them to be running. You have now successfully configured a Deployment to pull images from the private registry.

 

A) ok