From d74a839bc593206a2c449315449aa5bf51f9fb25 Mon Sep 17 00:00:00 2001 From: Moritz Graf Date: Sat, 11 Apr 2020 21:50:50 +0200 Subject: [PATCH] Adding new docker pull secret --- k8s/README.md | 70 +++++++++++++-------------- k8s/datalab/docker-pull.yaml.secret | Bin 402 -> 412 bytes k8s/development/registry.secret.yaml | Bin 211 -> 1008 bytes k8s/development/registry.yaml | 14 ------ 4 files changed, 35 insertions(+), 49 deletions(-) delete mode 100644 k8s/development/registry.yaml diff --git a/k8s/README.md b/k8s/README.md index ae1c76b..0fa5120 100644 --- a/k8s/README.md +++ b/k8s/README.md @@ -90,6 +90,41 @@ Currently only for one user: kubectl apply -f datalab/rstudio.yaml ``` + +## Add private docker registry + +*Current state:* Registry of hub.moritzgraf.de:5000 is used. + +```sh +# create secret base64 encoded and put it in htpasswd helm chart +USER='moritz' +PASSWORD='xxx' +docker run --entrypoint htpasswd --rm registry:2 -Bbn $USER $PASSWORD +# +kubectl apply -f development/registry.secret.yaml +``` + +### creating docker-pull-secret + +Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line): + +```sh +namespaces="datalab" +for i in $( echo $namespaces ) ; do + kubectl create secret docker-registry registry-haumdaucher-de \ + -n $i \ + --docker-server=registry.haumdaucher.de \ + --docker-username=moritz \ + --docker-password='xxx' \ + --docker-email=moritz@moritzgraf.de \ + --dry-run -o yaml > ./${i}/docker-pull.yaml.secret +done +# apply +for i in $( echo $namespaces ) ; do + kubectl apply -f ${i}/docker-pull.yaml.secret +done +``` + ## auth Including: @@ -117,41 +152,6 @@ Migate Backup -## Add private docker registry - -*Current state:* Registry of hub.moritzgraf.de:5000 is used. - -```sh -# create secret base64 encoded -USER="moritz" -PASSWORD="password" -docker run --entrypoint htpasswd --rm registry:2 -Bbn admin admin123 | base64 -# use the output and put it in development/registry.secret.yaml -kubectl apply -f development/registry.yaml - -``` - - -### after - -Create credentials secret [according to docu](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line): - -```sh -namespaces="datalab" -for i in $( echo $namespaces ) ; do - kubectl create secret docker-registry hub-moritzgraf-de \ - -n $i \ - --docker-server=hub.moritzgraf.de:5000 \ - --docker-username=moritz \ - --docker-password='xxx' \ - --docker-email=moritz@moritzgraf.de \ - --dry-run -o yaml > ./${i}/docker-pull.yaml.secret -done -# apply -for i in $( echo $namespaces ) ; do - kubectl apply -f ${i}/docker-pull.yaml.secret -done -``` ## Add mopbot & corona & corona-api diff --git a/k8s/datalab/docker-pull.yaml.secret b/k8s/datalab/docker-pull.yaml.secret index 6e44b7cb1b6e1613992fcda4b27915d69e50847a..2a58f0d685fedb82925fd0424b353b45b8c906dd 100644 GIT binary patch literal 412 zcmV;N0b~9EM@dveQdv+`0KJKz?AEt#5a5AoMB;o4UdI%Byl^KONaPp+h5HvE-44z8 zn@hfNT3fWMF+n%V#EZwNrmS4+Iy!N#;5<|xNzoV}ZY#=LHyeBoT;{fs#I~oxAAKRy zkK3G((MH?u-G5PG_Z1N!np)#{52DEZ%rT~c0qDmH{AD${qUD&Pno)2+y8oLg@uXH6o3Rez-~ygc#n9W6+Aee5FG>GRsG1Y-P8*y6I>{C!_ z0DCXlnCpp&eR2bR%b=Q5KAK}pVu8bR5Iz1t!F@yUD#)X=0>Hs2hnj&> GF87`gmd&I9 literal 402 zcmV;D0d4*OM@dveQdv+`0O)^^Ne!`;W434gYH5;1F0Za@C-HEHAGGrY_Pfnemg&?G zL|v-YXITPxW*jd^vxLsp|9#iY_^psnQm<@eA)=xIvKD`bIYV%pU3-Kpp-dB)IaRs< zn%9a=)Z9t%uT>db`>6*h#PO1V(nwH>@DY zY?QeNT7LwRr3{`DO`24nQQORe7OiSrt74VK(IWfa;XbBH-atg0Bpa5&`X^wr&VAOI zBE?L)91_c>4bl|eJg1{!TKx90-~VTJg8&`gMvi4h+``TekfS7AuP(0dG_$Gt(0V@U zM>nFkgP66X<6N0_bT}W1=u&$zSL}snR}kJ}k+`!#?_Z-)yCd@PrZXKV_>c6+D%0Xz z{q!9Pv^;v<7ReTobLxs3?NS;2k>;14sJfr>=O47%UF<9i?Q-g~T%%*On!Dmg$(3S( w#X8+dYgL_Olx|hhV%khqLD^B(PKA;dzpNGThRxoh@5T$Mi|&F1@rn6W4th$?qyPW_ diff --git a/k8s/development/registry.secret.yaml b/k8s/development/registry.secret.yaml index 43549df896bc00725527151c0e3ce4682e9fecc9..1a078bd44366296c8eb82ec9ff1ed54a2bb015a0 100644 GIT binary patch literal 1008 zcmVJvJOPPLT1z zGJ*{v!Ut%3=SCR42ejgt?2E7VRC58q962$FAxrI%$YD!aO!s3CeVY<0Dfjx5fe};c*P&;Y=b*8@H>8Y zxJf6tU?JrnRby@^(-Tdx`2;A%O{O

aWa^2ik_IbVnAeykb{P%iL763a8pNIhy;X zH$l@_d_Uk$#QxqOml^SQ=lNy#@u;y)x!P38O(WP$QmbF>+|41nv z@pR0u->cy`cDC>>9pTA4lcP2{dYyW$u36nol=)tWi!gJ<(W8S<{vZPe2fKGnfQ=6IS_jj)LvvHcww7{$)X@j5sP!URIYM;<4+&gBdpcT z%(dQ@qKihh^o)XHSFmt8)X_U>*=BHLJQ4Wa7r8&p!r*CAxRh6^)9g1oJ34pl)Wv27 zKJMqu4nRwU!0O#Gy5SqSRKXE7vH^rR^4{G03MabDD)=-ZXn>d6<7$%(%c5ZT2g;

}FajPIxEEy>_25eNB)zk@2RpbcMctH)_WmH$w{ z!u|;P7Jo#3fhzs+(`H(|?R>u#EP;&bm387~`>u N`I~mY+bZr=(YlxlZGQj& diff --git a/k8s/development/registry.yaml b/k8s/development/registry.yaml deleted file mode 100644 index 9ee1437..0000000 --- a/k8s/development/registry.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: registry - namespace: development -spec: - secretName: registry-haumdaucher-de - dnsNames: - - registry.haumdaucher.de - issuerRef: - name: letsencrypt-prod - kind: ClusterIssuer - group: cert-manager.io \ No newline at end of file