-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add devrel section to the docs #1124
Changes from 52 commits
e65bb77
92a1e1b
79b16a6
40f56ac
02f76e1
355a8e8
d2766ec
7b85c98
fb4fff7
bcd8af2
2cbfaf6
c7103f5
4e8dc5b
f5ee20e
9564500
8e52a6a
70df93e
66d8574
b38c346
b24e13e
4592e04
eccf8e7
2bf0c8c
e4ea7b6
b1a6b1d
aae3593
153a6d1
1d83483
88cf7d6
86199d4
e129593
6fd4d38
67ac8e3
066ecb4
1ea9b0e
d0d8ca5
d403a75
8801695
e10eb99
8773d9c
5196f58
ca149f2
2c26c32
f769352
43d81de
0c2fd60
fae5094
803370d
13d4356
7f223b2
166b03a
36c0cb5
a43b4f0
4ae256a
143b13c
3648506
4aeafeb
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
--- | ||
title: "Kubernetes Knowledge Hub" | ||
metaTitle: "Kubernetes Knowledge Hub" | ||
metaDescription: "Kubernetes Knowledge Hub Respository" | ||
icon: "bookmark" | ||
hideToCSidebar: true | ||
hideToC: true | ||
fullWidth: true | ||
--- | ||
|
||
import Tabs from 'shared/components/ui/Tabs'; | ||
import WarningBox from 'shared/components/WarningBox'; | ||
import InfoBox from 'shared/components/InfoBox'; | ||
import PointsOfInterest from 'shared/components/common/PointOfInterest'; | ||
import Tooltip from "shared/components/ui/Tooltip"; | ||
|
||
# Welcome to the Spectro Cloud Knowledge Portal | ||
|
||
Welcome to the Spectro Cloud Kubernetes Knowledge Hub. You will find core Kubernetes tutorials, how-tos, frequently asked questions, and community curated resources. | ||
|
||
If you have a topic in mind you would like to see, use the Feedback app on the lower-right-hand corner. | ||
<br /> | ||
|
||
- [How-To](/kubernetes-knowlege-hub/how-to) | ||
|
||
|
||
- [Tutorials](/kubernetes-knowlege-hub/tutorials) | ||
|
||
|
||
- [Community](/kubernetes-knowlege-hub/community) | ||
|
||
|
||
<br /> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
--- | ||
title: "How to" | ||
metaTitle: "Get started with a quick Kubernetes How-to" | ||
metaDescription: "Kubernetes School with How to" | ||
icon: "book" | ||
hideToC: false | ||
fullWidth: false | ||
hiddenFromNav: false | ||
--- | ||
|
||
import Tabs from 'shared/components/ui/Tabs'; | ||
import WarningBox from 'shared/components/WarningBox'; | ||
import InfoBox from 'shared/components/InfoBox'; | ||
import PointsOfInterest from 'shared/components/common/PointOfInterest'; | ||
import Tooltip from "shared/components/ui/Tooltip"; | ||
|
||
# How To | ||
|
||
Learn about core Kubernetes concepts and how you can apply them on Spectro Cloud Palette. | ||
|
||
# Core Kubernetes | ||
- [How To Retrieve Images from a Private Registry in Kubernetes](/kubernetes-knowlege-hub/how-to/how-to-retrieve-images-from-private-registry) | ||
|
||
|
||
|
||
- [Deploy a Stateless Frontend Application on Kubernetes](/kubernetes-knowlege-hub/how-to/deploy-stateless-frontend-app) | ||
|
||
<br /> |
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. These changes are mainly related to the title headings. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,185 @@ | ||
--- | ||
title: "Retrieve Images from a Private Registry" | ||
metaTitle: "Retrieve Images from a Private Registry" | ||
metaDescription: "Create a Kubernetes Secret to retrieve images from a private registry." | ||
icon: "" | ||
hideToC: false | ||
fullWidth: false | ||
hiddenFromNav: false | ||
--- | ||
|
||
import Tabs from 'shared/components/ui/Tabs'; | ||
import WarningBox from 'shared/components/WarningBox'; | ||
import InfoBox from 'shared/components/InfoBox'; | ||
import PointsOfInterest from 'shared/components/common/PointOfInterest'; | ||
import Tooltip from "shared/components/ui/Tooltip"; | ||
|
||
# How To Retrieve Images from a Private Registry in Kubernetes | ||
|
||
Kubernetes is an open-source container orchestration platform that enables efficient management, deployment, and scaling of containerized applications. | ||
|
||
By default, Docker and Kubernetes allow a limited number of unauthenticated pulls from a Docker registry, such as Docker Hub. When you exceed this limit, you will not be able to pull any more images until the limit resets. | ||
|
||
The limit is based on the IP address of the machine that is making the pulls, so it applies to all containers running on that machine. | ||
|
||
To avoid this issue, we recommend that you authenticate with the Docker registry before pulling images, especially if you are pulling from a private registry. This ensures you have access to the images you need and can pull them without restrictions or limitations. | ||
Princesso marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
To log into a Docker registry from Kubernetes, you must create a secret that contains your registry credentials. You can use this secret in a Kubernetes deployment configuration to pull images from the registry. | ||
|
||
In this tutorial, you will log into a private docker registry to pull existing images of an application that you will deploy in Kubernetes. | ||
|
||
# Prerequisites | ||
|
||
- The kubectl [command-line tool](https://kubernetes.io/docs/tasks/tools/install-kubectl-linux/). Kubectl allows you to connect to, configure and work with your clusters through the command line. | ||
karl-cardenas-coding marked this conversation as resolved.
Show resolved
Hide resolved
|
||
- Access to a private registry. [DockerHub](https://hub.docker.com/) offers a single private registry on the free tier. If you do not have a personal registry account, you can use DockerHub. | ||
- Access to a running Kubernetes cluster. To learn how to create clusters in different environments using Palette, review guides listed under [Clusters](docs.spectrocloud.com/clusters) or visit the [Palette Onboarding Workflow](docs.spectrocloud.com/getting-started/onboarding-workflow#paletteonboardingworkflow) guide. To learn how to create a Kubernetes cluster from scratch, check out the [Create a Cluster](https://kubernetes.io/docs/tutorials/kubernetes-basics/create-cluster/) Kubernetes resource. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🚫 [vale] reported by reviewdog 🐶 |
||
|
||
The following example explains how you can create a secret and use it in a Kubernetes deployment: | ||
|
||
## Create a Credentials JSON File | ||
|
||
First, create a file called **registry-creds.json** that contains your registry credentials in the following format: | ||
|
||
```json | ||
{ | ||
"auths": { | ||
"example.registry.com": { | ||
"username": "username", | ||
"password": "password" | ||
} | ||
} | ||
} | ||
``` | ||
|
||
Keeping passwords in plain text is unsafe. Kubernetes automatically encodes passwords used to create a secret in base64. Encoding passwords does not mean your passwords cannot be decoded. | ||
|
||
## Create a Kubernetes Secret | ||
|
||
Use the kubectl command-line tool to generate a secret from the **registry-creds.json** file: | ||
|
||
```bash | ||
kubectl create secret generic myregistrykey --from-file=registry-creds.json | ||
``` | ||
|
||
You can use the command below to view the secret created in detail. | ||
|
||
```bash | ||
kubectl get secret/myregistrykey --output json | ||
``` | ||
|
||
The command output displays the content of the **registry-creds.json** file as base 64 encoded. | ||
|
||
```json | ||
{ | ||
"apiVersion": "v1", | ||
"data": { | ||
"registry-creds.json": "ewogICJhdXRocyI6IHsKICAgICJleGFtcGxlLnJlZ2lzdHJ5LmNvbSI6IHsKICAgICAgInVzZXJuYW1lIjogInRlc3RfdXNlcm5hbWUiLAogICAgICAicGFzc3dvcmQiOiAidGVzdF9wYXNzd29yZCIKICAgIH0KICB9Cn0K" | ||
}, | ||
"kind": "Secret", | ||
"metadata": { | ||
"creationTimestamp": "2023-03-22T08:44:26Z", | ||
"name": "myregistrykey", | ||
"namespace": "default", | ||
"resourceVersion": "1552285", | ||
"uid": "ccfb047b-67c8-446b-a69a-6eb762c3100f" | ||
}, | ||
"type": "Opaque" | ||
} | ||
``` | ||
|
||
You will decode the secret you created to verify that secrets are not secure. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm not sure what's happening here. Is this a "test" of sorts to decode the secret? And the test is to confirm that secrets are not secure? "To verify that secrets are not secure" is unclear. Maybe it's something like "To show you that...?" I'm not sure of the point being made here. Suggestion: "Invoke the following command to ..."
Princesso marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
||
```bash | ||
kubectl get secret myregistrykey --output jsonpath='{.data.registry-creds\.json}' | base64 --decode | ||
``` | ||
|
||
The output of issuing the command above is the content of the JSON file you used to create the secret. | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This sentence a bit awkward, but I'm not sure how to correct it because I'm not sure what's happening with decoding. As a follow-up to my comment about line 90, I'm not sure how line 96 ties in. Did we decode a secret and then re-encode it? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Thanks for taking the time to review this piece. In this section, we created a secret. When a secret is created with Kubernetes it is automatically base64 encoded. We, however, added that the fact that a secret is base64 encoded does not make it safe. So we went ahead to decode the secret to demonstrate that encoded secrets can be decoded. |
||
|
||
```json | ||
{ | ||
"auths": { | ||
"example.registry.com": { | ||
"username": "username", | ||
"password": "password" | ||
} | ||
} | ||
} | ||
``` | ||
|
||
## Add Secret to Deployment Config | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 🚫 [vale] reported by reviewdog 🐶 |
||
|
||
In your Kubernetes deployment configuration, specify the name of the secret you just created for the imagePullSecrets parameter: | ||
|
||
```yaml | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: my-deployment | ||
spec: | ||
replicas: 3 | ||
selector: | ||
matchLabels: | ||
app: my-app | ||
template: | ||
metadata: | ||
labels: | ||
app: my-app | ||
spec: | ||
containers: | ||
- name: my-container | ||
image: registry.example.com/my-image | ||
imagePullSecrets: | ||
- name: myregistrykey | ||
``` | ||
|
||
## Apply the Deployment Configuration | ||
|
||
```bash | ||
kubectl apply --file deployment.yaml | ||
``` | ||
|
||
With this configuration in place, Kubernetes will use the registry credentials in the `myregistrykey` secret to log into the registry and pull the specified image when deploying the application. | ||
|
||
## Other Docker Registry Authentication Methods | ||
|
||
An alternative way to log into a Docker registry from Kubernetes is by using the command line. | ||
|
||
Authenticate to the private registry. Here’s an example of how to do this: | ||
|
||
```bash | ||
$ kubectl create secret docker-registry <secret-name> \ | ||
--docker-server=<registry-url> \ | ||
--docker-username=<username> \ | ||
--docker-password=<password> \ | ||
--docker-email=<email> | ||
``` | ||
|
||
In the snippet above, **`<secret-name>`** refers to a unique name for the secret, **`<registry-url>`** is the URL of the private registry. Replace the **`<username>`** with the username for authentication and **`<password>`** with the password for authentication. Also, replace **`<email>`** | ||
with the email associated with the authentication credentials. | ||
|
||
Add the secret created in the previous step to the default service account with the following code. | ||
|
||
```bash | ||
$ kubectl patch serviceaccount default \ | ||
karl-cardenas-coding marked this conversation as resolved.
Show resolved
Hide resolved
|
||
--port '{"imagePullSecrets": [{"name": "<secret-name>"}]}' | ||
``` | ||
|
||
Replace **`<secret-name>`** with the secret created in the previous step. | ||
|
||
Once you are authenticated and have added the secret to your default service account, you can use the kubectl command to pull images from the registry and deploy them to your Kubernetes cluster as follows. | ||
|
||
```bash | ||
$ kubectl run <deployment-name> \ | ||
--image=<registry-url>/<image-name>:<tag> \ | ||
--port=<container-port> | ||
karl-cardenas-coding marked this conversation as resolved.
Show resolved
Hide resolved
|
||
``` | ||
|
||
The line above will create a new deployment using the image specified from the private registry. | ||
|
||
# Next Steps | ||
|
||
Accessing images from a private registry in Kubernetes can be challenging due to the need to authenticate with the registry. | ||
|
||
To solve this challenge, you have learned how to create a Kubernetes secret with your Docker registry credentials and use it in a Kubernetes deployment configuration. This allows you to pull images from your private registry without restrictions or limitations. | ||
|
||
To learn more about Kubernetes and how to use it to deploy your application, you can visit [our documentation.](https://docs.spectrocloud.com/) You can also read about [how to deploy a stateless frontend application](https://www.notion.so/How-To-Deploy-A-Stateless-Frontend-App-with-Kubernetes-b885ae2307e94ef191a1b713fe29c81f) on Kubernetes or join our [slack channel](https://join.slack.com/t/spectrocloudcommunity/shared_invite/zt-1mw0cgosi-hZJDF_1QU77vF~qNJoPNUQ) to have exciting conversations on Kubernetes with our community members. | ||
Princesso marked this conversation as resolved.
Show resolved
Hide resolved
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's remove these as one page is empty, and the other does not exists.