I have created a new docker image that I want to use to replace the current docker image. The application is on the kubernetes engine on google cloud platform.
I believe I am supposed to use the gcloud container clusters update command. Although, I struggle to see how it works and how I'm supposed to replace the old docker image with the new one.
You may want to use kubectl in order to interact with your GKE cluster. Method of image update depends on how the Pod / Container was created.
For some example commands, see https://kubernetes.io/docs/reference/kubectl/cheatsheet/#updating-resources
For example, kubectl set image deployment/frontend www=image:v2 will do a rolling update "www" containers of "frontend" deployment, updating the image.
Getting up and running on GKE: https://cloud.google.com/kubernetes-engine/docs/quickstart
You can use Container Registry[1] as a single place to manage Docker images.
Google Container Registry provides secure, private Docker repository storage on Google Cloud Platform. You can use gcloud to push[2] images to your registry, then you can pull images using an HTTP endpoint from any machine.
You can also use Docker Hub repositories[3] allow you share container images with your team, customers, or the Docker community at large.
[1]https://cloud.google.com/container-registry/
[2]https://cloud.google.com/container-registry/docs/pushing-and-pulling
[3]https://docs.docker.com/docker-hub/repos/
Related
I have a VM with kubernetes installed using kubeadm (NOT minikube). The VM acts a the single node of the cluster, with taints removed to allow it to act as both Master and Worker node (as shown in the kubernetes documentation).
I have saved, transfered and loaded a my app:test image into it. I can easily run a container with it using docker run.
It shows up when I run sudo docker images.
When I create a deployment/pod that uses this image and specify Image-PullPolicy: IfNotPresent or Never, I still have the ImagePullBackoff error. The describe command shows me it tries to pull the image from dockerhub...
Note that when I try to use a local image that was pulled as the result of creating another pod, the ImagePullPolicies seem to work, no problem. Although the image doesn't appear when i run sudo docker images --all.
How can I use a local image for pods in kubernetes? Is there a way to do it without using a private repository?
image doesn't appear when i run sudo docker images --all
Based on your comment, you are using K8s v1.22, which means it is likely your cluster is using containerd container runtime instead of docker (you can check with kubectl get nodes -o wide, and see the last column).
Try listing your images with crictl images and pulling with crictl pull <image_name> to preload the images on the node.
One can do so with a combination of crictl and ctr, if using containerd.
TLDR: these steps, which are also described in the crictl github documentation:
1- Once you get the image on the node (in my case, a VM), make sure it is in an archive (.tar). You can do that with the docker save or ctr image export commands.
2- Use sudo ctr -n=k8s.io images import myimage.tar while in the same directory as thearchived image to add it to containerd in the namespace that kubernetes uses to track it's images. It should now appear when you run sudo crictl images.
As suggested, I tried listing images with crictl and my app:test did not appear. However, trying to import my local image through crictl didn't seem to work either. I used crictl pull app:test and it showed the following error message:
FATA[0000] pulling image failed: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/app:test": failed to resolve reference "docker.io/library/app:test": pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed.
However, when following these steps, my image is finally recognized as an existing local image in kubernetes. They are actually the same as suggested in the crictl github documentation
How does one explain this? How do images get "registered" in the kubernetes cluster? Why couldn't crictl import the image? I might post another issue to ask that...
Your cluster is bottled inside of your VM, so what you call local will always be remote for that cluster in that VM. And the reason that kubernetes is trying to pull those images, is because it can't find them in the VM.
Dockerhub is the default place to download containers from, but you can set kubernetes to pull from aws (ECR) from azure (ACR), from github packages (GCR) and from your own private server.
You've got about 100 ways to solve this, none of them are easy or will just work.
1 - easiest, push your images to Dockerhub and let your cluster pull from it.
2 - setup a local private container registry and set your kubernetes VM to pull from it (see this)
3 - setup a private container registry in your kubernetes cluster and setup scripts in your local env to push to it (see this)
Is it possible to take an image or a snapshot of container running inside pod using kubectl?
Via docker, it is possible to use the docker commit command that creates an image of a container from which we can spawn more containers. I wanted to understand if there was something similar that we could do with kubectl.
No, partially because that's not in the kubernetes mental model of anything one would wish to do to a cluster, and partially because docker is not the only container runtime kubernetes uses. Every runtime one could use underneath kubernetes would need to support that operation, and I doubt they do.
You are welcome to do your own docker commit either by getting a shell on the Node, or by running a privileged Pod then connecting to the docker.sock via a volumeMount and running it that way
I want google cloud kubernetes to run my docker image with images. such as:
docker run -it --runtime=nvidia --volume path_to_data:/root/data my_image
How to configure these parameters?
It depends on Registry visibility.
For public images such as nginx it's simple:
Just run:
kubectl run mynginx --image=nginx
There is good explanation: Running a Docker Container on Google Container Engine - YouTube
As for Private registry, there are many cases.
According to manual: Images - Kubernetes
Using a Private Registry
Private registries may require keys to read images from them. Credentials can be provided in several ways:
Using Google Container Registry
Per-cluster
automatically configured on Google Compute Engine or Google Kubernetes Engine
all pods can read the project’s private registry
Using Google Container Registry
Kubernetes has native support for the Google Container Registry (GCR), when running on Google Compute Engine (GCE). If you are running your cluster on GCE or Google Kubernetes Engine, simply use the full image name (e.g. gcr.io/my_project/image:tag).
All pods in a cluster will have read access to images in this registry.
The kubelet will authenticate to GCR using the instance’s Google service account. The service account on the instance will have a https://www.googleapis.com/auth/devstorage.read_only, so it can pull from the project’s GCR, but not push
So, to run image from gcr.io, you can
kubectl run myapp --image=gcr.io/my_project/image:tag
I am new to docker and I have instantiated a strapi container which needs a mongoDB container to be run first. I am currently running this in AWS ECS where I configured the task definition to have both the containers and linked.
I am now just wondering if I can make a docker image out of the existing container system. So in future, I could maybe just post this new image to dockerhub or ECR and run in ECS without any additional configuration like Environment variables or links or multiple containers in single task defintion.
Any ideas would be helpful.
you can create docker image by
docker commit (container-name)
I've already read through Kubernetes tutorials. The problem is the lack of a straight answer on how to get a Kubernetes image for TeamCity into a plain Kubernetes instance.
My install doesn't use Google Cloud engine, Amazon EC2, or Azure, which means I can't use their built-in container registries.
This site appears to recommend installing docker and using it the pull the container image:
https://hub.docker.com/r/jetbrains/teamcity-server/
This GitHub page appears to imply that a specific plugin is required for kubernetes:
https://github.com/JetBrains/teamcity-kubernetes-plugin
The Rancher Web UI has a JavaScript/HTML form to install containerized apps: "Enter the URL of a public image on any registry, or a private image hosted on Docker Hub or Google Container Registry."
-> I found teamcity-server on Docker Hub, although I have no idea if I can just give it the page (https://hub.docker.com/r/jetbrains/teamcity-server/) or if there's a special subpath that I have to give it.
For the Docker Hub, the "Enter the URL" instructions are wrong and actually fail with an error. To use the Docker hub, you just type the repository name.
For example, to use teamcity-server:
https://hub.docker.com/r/jetbrains/teamcity-server/
you would type (as the app URL):
jetbrains/teamcity-server