Cheat Sheet
Microk8s tips and tricks
snap install microk8s --classic
snap install microk8s --classic --channel=1.17/stable
sudo usermod -a -G microk8s $USER
Logout from your workstation session and login again.
microk8s.config > $HOME/.kube/config
microk8s reset --destroy-storage
Pushing to this insecure registry may fail in some versions of Docker unless the daemon is explicitly configured to trust this registry. To address this we need to edit /etc/docker/daemon.json and add:
/etc/docker/daemon.json
{
"insecure-registries" : ["localhost:32000"]
}
Then restart docker.
sudo systemctl restart docker
Enable registry, build and push image.
microk8s enable registry #20Gi registry
#microk8s enable registry:size=40Gi
# Build image
docker build . -t localhost:32000/myimage:registry
# Or tag an existing image
#docker tag 1fe3d8f47868 localhost:32000/myimage:registry
docker push localhost:32000/myimage:registry
Deploy it.
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp
namespace: myapp
labels:
app: myapp
spec:
selector:
matchLabels:
app: myapp
template:
metadata:
labels:
app: myapp
spec:
containers:
- name: myapp
image: localhost:32000/myimage:registry
imagePullPolicy: Always
ports:
- containerPort: 8000
Run on your workstation:
registry=localhost:32000
repositories=$(curl ${registry}/v2/_catalog)
for repo in $(echo "${repositories}" | jq -r '.repositories[]'); do
echo $repo
tags=$(curl -sSL "http://${registry}/v2/${repo}/tags/list" | jq -r '.tags[]')
for tag in $tags; do
echo $tag
curl -v -sSL -X DELETE "http://${registry}/v2/${repo}/manifests/$(
curl -sSL -I \
-H "Accept: application/vnd.docker.distribution.manifest.v2+json" \
"http://${registry}/v2/${repo}/manifests/$tag" \
| awk '$1 == "Docker-Content-Digest:" { print $2 }' \
| tr -d $'\r' \
)"
done
done
Then run:
registry_pod=$(kubectl --namespace="container-registry" get pods --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
kubectl exec --namespace="container-registry" $registry_pod /bin/registry garbage-collect /etc/docker/registry/config.yml
Allow insecure registry:
/etc/docker/daemon.json
{
"insecure-registries" : ["172.17.0.1:5001"]
}
Restart docker.
sudo systemctl restart docker
Stop
microk8s, backup and edit config file.microk8s stop
sudo cp /var/snap/microk8s/current/args/containerd-template.toml /var/snap/microk8s/current/args/containerd-template.toml-BKP
nano /var/snap/microk8s/current/args/containerd-template.toml
Add the following section.
...
[plugins."io.containerd.grpc.v1.cri".registry]
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
...
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."172.17.0.1:5001"]
endpoint = ["http://172.17.0.1:5001"]
Start
microk8s.microk8s start
Start local registry.
docker run -it --rm \
-e REGISTRY_HTTP_ADDR=0.0.0.0:5001 \
-p 5001:5001 \
--name local-registry \
registry:2
Tag and push image.
docker tag ubuntu:18.04 172.17.0.1:5001/my-ubuntu:0.0.1
docker push 172.17.0.1:5001/my-ubuntu:0.0.1
curl 172.17.0.1:5001/v2/_catalog
Test it.
microk8s kubectl run -it --rm tmp --image=172.17.0.1:5001/my-ubuntu:0.0.1
Last modified 2yr ago