サンプルだとよくECRやGCRにコンテナイメージをアップロードするように言われるが、とりあえずローカルで確認したいときに、Kubernetesクラスタ内にdockerレジストリを作る方法について調べた。
registryを作成
Using a Local Registry with Minikube
https://hub.docker.com/_/registry を使う
docker-registry.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: docker-registry
labels:
app: docker-registry
spec:
replicas: 1
selector:
matchLabels:
app: docker-registry
template:
metadata:
labels:
app: docker-registry
spec:
containers:
- name: docker-registry
image: registry:2.8
ports:
- containerPort: 5000
volumeMounts:
- name: registry
mountPath: /var/lib/registry
volumes:
- name: registry
hostPath:
type: Directory
path: /tmp/.registry/storage
---
kind: Service
apiVersion: v1
metadata:
name: docker-registry
spec:
ports:
- name: "http-port"
protocol: TCP
port: 5000
targetPort: 5000
selector:
app: docker-registry$ kubectl apply -f docker-registry.yaml確認
適当なpodを作って、疎通確認
pod-nginx.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
containers:
- name: nginx
image: nginx$ kubectl apply -f pod-nginx.yaml
$ kubectl exec nginx -it -- bash
root@nginx:/# curl docker-registry:5000/v2/_catalog
{"repositories":["v2/my_app"]}kanikoのイメージアップロード先を指定
https://github.com/GoogleContainerTools/kaniko
apiVersion: v1
kind: Pod
metadata:
name: kaniko
spec:
containers:
- name: kaniko
image: gcr.io/kaniko-project/executor:latest
args:
- "--insecure"
- "--dockerfile=<path to Dockerfile within the build context>"
- "--context=<path to Dockerfile context dir>"
- "--destination=docker-registry:5000/myapp:version"$ kubectl apply -f kaniko.yamlhttp: server gave HTTP response to HTTPS client エラーが出た
https://github.com/GoogleContainerTools/kaniko#flag---insecure
kaniko 実行時に --insecure オプションをつける