Minukube & Amazon EC2 Container Registry
Mon 05 December 2016
Minukube is an easy way to run Kubernetes locally. When we want to build a Docker image in Minukube (so Kubernetes has an access to it), we can configure our Docker client to communicate with the Minikube Docker daemon.
$ minikube start
Starting local Kubernetes cluster...
Kubectl is now configured to use the cluster.
$ eval $(minikube docker-env)
$ docker build -t fizz/bazz:latest .
What if we need to create a Kubernetes Deployment which pulls a Docker image from AWS ECR?
$ kubectl create -f - <<<'
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 1
template:
metadata:
labels:
app: my-app-name
spec:
containers:
- name: my-container-name
image: 4338991606.dkr.ecr.eu-west-1.amazonaws.com/fizz/bazz:latest
'
Kubernetes will fail to get the image due to authentication error (no credentials). One of the solutions is to use imagePullSecrets. The following command creates a secret for use with a Docker registry.
$ kubectl create secret docker-registry my-docker-credentials \
--docker-server=DOCKER_REGISTRY_SERVER \
--docker-username=DOCKER_USER \
--docker-password=DOCKER_PASSWORD \
--docker-email=DOCKER_EMAIL
Firstly, let's obtain DOCKER_USER and DOCKER_PASSWORD. For that, we'll need awscli Python library and environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY set up.
$ pip install awscli
$ export AWS_ACCESS_KEY_ID='AKIAI44QH8DHBEXAMPLE'
$ export AWS_SECRET_ACCESS_KEY='je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY'
Log in to Amazon ECR registry. This aws command will display $ docker login command. From its output we conclude that DOCKER_USER is AWS, DOCKER_PASSWORD is SomeVeryLongToken and DOCKER_REGISTRY_SERVER is https://4338991606.dkr.ecr.eu-west-1.amazonaws.com respectively.
$ aws ecr get-login --region eu-west-1
docker login -u AWS -p SomeVeryLongToken -e none https://4338991606.dkr.ecr.eu-west-1.amazonaws.com
Now it is time to create a docker-registry secret and update the Deployment manifest. Note that we've added imagePullSecrets which references our private registry.
$ kubectl apply -f - <<<'
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: my-deployment
spec:
replicas: 1
template:
metadata:
labels:
app: my-app-name
spec:
containers:
- name: my-container-name
image: 4338991606.dkr.ecr.eu-west-1.amazonaws.com/fizz/bazz:latest
imagePullSecrets:
- name: my-docker-credentials
'
Kubernetes should be able to pull the image from Amazon Container Registry.
Category: Infrastructure Tagged: kubernetes aws minukube