Thursday, April 14, 2022

[SOLVED] K8S - Add ImagePullPolicy with Certificate

Issue

I use k8s with helm 3.

For test purposes, I want to be able to access the current cluster of the current machine.

When I run:

kubectl config view --raw

The output is like this:

apiVersion: v1
clusters:
- cluster:
    server: https://...
  name: cluster.local
contexts:
- context:
    cluster: cluster.local
    namespace: ...
    user: kubernetes-admin
  name: kubernetes-admin@cluster.local
current-context: kubernetes-admin@cluster.local
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: 
    ...
    client-key-data: 
    ....

In the output, I see that the configuration has a server with name: cluster.local, and current-context: kubernetes-admin@cluster.local.

(Same as on ~/.kube/config file).

For users, there is one user called: kubernetes-admin with client-certificate-data value and client-key-data value. Also I see that there is a key:

What do kubernetes-admin and client-certificate-data stand for, and can I use them in the ImagePullSecret section for a K8S object of kind: Pod in container?

i.e:

I create a secret:

kubectl create secret my-secret .... 

What do I need to do in order to create a secret with a certificate and not user + password?

and a pod (yaml file):

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  labels:
    name: test-pod
    app: test-pod
spec:
  imagePullSecrets:
    - name: my-secret
  containers:
    - name: test-pod
      image: "my-image:1.0"
      imagePullPolicy: IfNotPresent 

Can I create a secret to use in imagePullSecret without providing user+password (there is no user and password - it's a certificate key / ssh)?

For test purposes, I am using the current machine (before uploading to a remote registry; I need to do some tests before that).

Thanks.


Solution

I will contribute my knowledge as a solution for this issue.

There is no need to create a secret key for the current registry of the local machine.

The current default cluster name is cluster.local.

All that is needed is to add an alias for the image, called cluster.local/my-image:tag, and use it in the yaml code.

That means, running:

docker tag my-image:1.0 cluster.local/my-image:1.0

and in yaml:

apiVersion: v1
kind: Pod
metadata:
  name: test-pod
  labels:
    name: test-pod
    app: test-pod
spec:
  containers:
    - name: test-pod
      image: "cluster.local/my-image:1.0"
      imagePullPolicy: IfNotPresent 


Answered By - Eitan
Answer Checked By - David Marino (WPSolving Volunteer)
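
Added example, not part of the original question or answer: an entry under imagePullSecrets refers to a Secret of type kubernetes.io/dockerconfigjson that holds registry credentials, which is a different credential from the client-certificate-data in the kubeconfig (the client certificate kubectl presents to the API server). The Python code below builds such a Secret and reports which of a Pod's images fall outside it; registry.example.com, ci-user and the password are constructed placeholders, and registries are matched by exact host name as a simplifying assumption.

```python
import base64
import json

PULL_SECRET_TYPE = "kubernetes.io/dockerconfigjson"


def build_pull_secret(name, registry, username, password):
    """Secret manifest with the shape `kubectl create secret docker-registry` produces."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {"auths": {registry: {"username": username, "password": password, "auth": auth}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret", "type": PULL_SECRET_TYPE,
            "metadata": {"name": name}, "data": {".dockerconfigjson": blob}}


def secret_registries(secret):
    """Registries a pull secret carries credentials for."""
    if secret.get("type") != PULL_SECRET_TYPE:
        # e.g. a TLS or generic secret holding a certificate; not handled here
        raise ValueError(f"unsupported secret type: {secret.get('type')!r}")
    cfg = json.loads(base64.b64decode(secret["data"][".dockerconfigjson"]))
    return set(cfg["auths"])


def image_registry(image):
    """Registry host of an image reference (Docker's rule for the first path part)."""
    first, sep, _ = image.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"  # no registry host in the reference


def images_without_credentials(pod, secrets_by_name):
    """Images in a Pod whose registry is not covered by its imagePullSecrets."""
    covered = set()
    for ref in pod["spec"].get("imagePullSecrets", []):
        covered |= secret_registries(secrets_by_name[ref["name"]])
    return [c["image"] for c in pod["spec"]["containers"]
            if image_registry(c["image"]) not in covered]


# Constructed sample: registry host and credentials are placeholders.
SECRET = build_pull_secret("my-secret", "registry.example.com", "ci-user", "s3cret")
POD = {"spec": {"imagePullSecrets": [{"name": "my-secret"}],
                "containers": [{"name": "a", "image": "registry.example.com/my-image:1.0"},
                               {"name": "b", "image": "cluster.local/my-image:1.0"},
                               {"name": "c", "image": "my-image:1.0"}]}}

if __name__ == "__main__":
    print(images_without_credentials(POD, {"my-secret": SECRET}))
```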