Cheat Sheet

Microk8s tips and tricks

Install

Latest

snap install microk8s --classic

Specific version

snap install microk8s --classic --channel=1.17/stable

Set group

sudo usermod -a -G microk8s $USER

Logout from your workstation session and login again.

Useful commands

Get kubeconfig

microk8s.config > $HOME/.kube/config

Reset cluster

microk8s reset --destroy-storage

References

https://microk8s.io/docs/commands

Built-in Registry

Push

Pushing to this insecure registry may fail in some versions of Docker unless the daemon is explicitly configured to trust this registry. To address this we need to edit /etc/docker/daemon.json and add:

/etc/docker/daemon.json
{
  "insecure-registries" : ["localhost:32000"]
}

Then restart docker.

sudo systemctl restart docker

Enable registry, build and push image.

microk8s enable registry #20Gi registry
#microk8s enable registry:size=40Gi

# Build image
docker build . -t localhost:32000/myimage:registry

# Or tag an existing image
#docker tag 1fe3d8f47868 localhost:32000/myimage:registry

docker push localhost:32000/myimage:registry

Deploy it.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: myapp
  labels:
    app: myapp
spec:
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
      - name: myapp
        image: localhost:32000/myimage:registry
        imagePullPolicy: Always
        ports:
        - containerPort: 8000

Remove

Run on your workstation:

registry=localhost:32000
repositories=$(curl ${registry}/v2/_catalog)
for repo in $(echo "${repositories}" | jq -r '.repositories[]'); do
  echo $repo
  tags=$(curl -sSL "http://${registry}/v2/${repo}/tags/list" | jq -r '.tags[]')
  for tag in $tags; do
    echo $tag
    curl -v -sSL -X DELETE "http://${registry}/v2/${repo}/manifests/$(
      curl -sSL -I \
          -H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
          "http://${registry}/v2/${repo}/manifests/$tag" \
      | awk '$1 == "Docker-Content-Digest:" { print $2 }' \
      | tr -d $'\r' \
    )"
  done
done

Then run:

registry_pod=$(kubectl --namespace="container-registry" get pods --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
kubectl exec --namespace="container-registry" $registry_pod /bin/registry garbage-collect /etc/docker/registry/config.yml

Local private registry

Allow insecure registry:

/etc/docker/daemon.json
{
  "insecure-registries" : ["172.17.0.1:5001"]
}

Restart docker.

sudo systemctl restart docker

Stop microk8s, backup and edit config file.

microk8s stop
sudo cp /var/snap/microk8s/current/args/containerd-template.toml /var/snap/microk8s/current/args/containerd-template.toml-BKP
nano /var/snap/microk8s/current/args/containerd-template.toml

Add the following section.

...
  [plugins."io.containerd.grpc.v1.cri".registry]
...
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
...
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors."172.17.0.1:5001"]
        endpoint = ["http://172.17.0.1:5001"]

Start microk8s.

microk8s start

Start local registry.

docker run -it --rm \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:5001 \
  -p 5001:5001 \
  --name local-registry \
  registry:2

Tag and push image.

docker tag ubuntu:18.04 172.17.0.1:5001/my-ubuntu:0.0.1
docker push 172.17.0.1:5001/my-ubuntu:0.0.1
curl 172.17.0.1:5001/v2/_catalog

Test it.

microk8s kubectl run -it --rm tmp --image=172.17.0.1:5001/my-ubuntu:0.0.1

References

https://microk8s.io/docs/registry-private

PreviousZshNextCheat Sheet

Last updated