Kubernetes and Google Cloud Container Registry
Here I explain how to make your Kubernetes cluster work with the Google container repository (Google Container Registry). It's not hard; here is what we need to make it work:
- Create a service account
- Create a secret inside your kubernetes cluster
- Use it on a deployment
- Bonus: Helm example usage
This post is related to "Kubernetes, Helm, Laravel, PHP-FPM, Nginx, GitLab the DevOps Way"; it takes one small detail from that post and explains it more precisely.
Create a service account
You need to create a service account with the following access.
- Container Registry Service Agent
Generate the key.json for this service account; you will need it in the next step.
Create a Kubernetes secret
# key.json is the service account key generated in the previous step
kubectl create secret docker-registry gcr-io \
  --docker-server eu.gcr.io \
  --docker-username _json_key \
  --docker-email pull-image-read-account@xxx.iam.gserviceaccount.com \
  --docker-password="$(cat key.json)" \
  --namespace=default
Kubernetes has several types of secret; here you need the docker-registry type. Don't miss this part.
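
What the command above ends up storing, shown as an added example (not code from the original post): this Python sketch builds the same `kubernetes.io/dockerconfigjson` Secret from a key file and then decodes it again. The sample key, its project name and the default e-mail value are constructed placeholders.

```python
import base64
import json

REGISTRY = "eu.gcr.io"   # registry host used in the post
USERNAME = "_json_key"   # fixed username for JSON-key authentication


def build_pull_secret(key_json: str, name: str = "gcr-io",
                      namespace: str = "default",
                      email: str = "sa@example.invalid") -> dict:
    """Return the Secret manifest that the kubectl command produces."""
    key = json.loads(key_json)  # fails early on a truncated key file
    if key.get("type") != "service_account" or "private_key" not in key:
        raise ValueError("not a service account key file")
    # Docker's 'auth' field is base64("username:password").
    auth = base64.b64encode(f"{USERNAME}:{key_json}".encode()).decode()
    docker_config = {"auths": {REGISTRY: {
        "username": USERNAME, "password": key_json,
        "email": email, "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": base64.b64encode(
            json.dumps(docker_config).encode()).decode()},
    }


def recover_key(secret: dict) -> dict:
    """Decode the Secret: base64 is an encoding, not encryption."""
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return json.loads(cfg["auths"][REGISTRY]["password"])


# Constructed sample key with placeholder values, not a real credential.
SAMPLE_KEY = json.dumps({
    "type": "service_account",
    "project_id": "example-project",
    "private_key": "CONSTRUCTED-PLACEHOLDER",
    "client_email": "pull-image-read-account@example-project.iam.gserviceaccount.com",
})

if __name__ == "__main__":
    secret = build_pull_secret(SAMPLE_KEY)
    print(secret["type"])
    print(recover_key(secret)["client_email"])
```

The whole service account key sits in the Secret in recoverable form, so read access to secrets in that namespace is equivalent to holding key.json.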
Use in a deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      # imagePullSecrets belongs to the pod spec, not the Deployment spec
      imagePullSecrets:
        - name: gcr-io
      containers:
        - name: nginx
          # replace with your own image hosted on eu.gcr.io
          image: nginx:1.14.2
          ports:
            - containerPort: 80
You only need to add the imagePullSecrets field to the pod template's spec, as above. The name must correspond to your secret, and the secret must be in the same namespace as the deployment.
With Helm
This is a common need, so it is already in the Helm template generated when you run helm create myapp. Simply replace the imagePullSecrets value with something like the below, using the name of your secret.
# values.yaml
imagePullSecrets:
  - name: gcr-io
Hope this can help someone. Thanks.