IBM Cloud Cloud Foundry에서 Docker Container를 실행하기 위해 Container Registry를 함께 사용해 보았습니다.
사전 준비
IBM Cloud CLI 을 설치한 후 다음 명령을 실행하여 Container Registry용 플러그인을 설치합니다.
ibmcloud plugin install container-registry
Container Registry에서 네임스페이스 만들기
CLI로 로그인
$ ibmcloud login
API endpoint: https://cloud.ibm.com
Authenticating...
OK
Targeted account IBM (xxxxxxx) <-> xxxxxxx
Targeted resource group Default
Select a region (or press enter to skip):
1. au-syd
2. jp-tok
3. eu-de
4. eu-gb
5. us-south
6. us-east
Enter a number> 2
Targeted region jp-tok
API endpoint: https://cloud.ibm.com
Region: jp-tok
User: [email protected]
Account: XXX (xxxxxxx) <-> xxxxxxx
Resource group: Default
CF API endpoint:
Org:
Space:
Tip: If you are managing Cloud Foundry applications and services
- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space.
- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context.
Container Registry의 리전을 도쿄로 설정합니다.
$ ibmcloud cr region-set ap-north
The region is set to 'ap-north', the registry is 'jp.icr.io'.
OK
Container Registry에서 자신의 네임스페이스를 만듭니다.
$ ibmcloud cr namespace-add khayama
Adding namespace 'khayama'...
Successfully added namespace 'khayama'
OK
네임스페이스가 생성되었음은 다음 UI 화면( h tps : // c ぉ d. 이 bm. 코 m / 쿠베 r 네 테 s / 레기 스트리 / 마인 / 핥기 s 파세 s )에서도 확인할 수 있습니다.
테스트 컨테이너 이미지를 Container Registry로 푸시
명령을 실행하는 시스템에서 Docker 데몬을 실행한 상태에서 Container Registry에 로그인합니다.
$ ibmcloud cr login
Logging in to 'jp.icr.io'...
Logged in to 'jp.icr.io'.
IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local
OK
Docker 데몬이 실행되고 있지 않은 경우의 오류
Logging in to 'jp.icr.io'...
FAILED
Failed to 'docker login' to 'jp.icr.io' with error: WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Cloud Foundry에서 실행할 테스트 컨테이너 이미지를 다운로드합니다.
$ docker pull cloudfoundry/test-app
Using default tag: latest
latest: Pulling from cloudfoundry/test-app
a3ed95caeb02: Pull complete
300273678d06: Pull complete
bb84e9e1b665: Pull complete
Digest: sha256:6d2e265936c77c8955c253dde084ee0f8ec25a78e76b6631222f5ef0e9047b72
Status: Downloaded newer image for cloudfoundry/test-app:latest
이미지에 태그를 추가합니다.
$ docker tag cloudfoundry/test-app jp.icr.io/khayama/cf-test-app:v1
IBM Cloud의 Container Registry 도쿄 리전에 업로드합니다.
$ docker push jp.icr.io/khayama/cf-test-app:v1
The push refers to repository [jp.icr.io/khayama/cf-test-app]
0147abe5feb0: Pushed
5f70bf18a086: Pushed
5dbcf0efe4f2: Pushed
v1: digest: sha256:c32f35d771bee7f0ccfea0dac66572014e7bf636ed5c0b0a34bc335eb21ffe5f size: 1362
Container Registry 도쿄 지역의 이미지 목록에 있는지 확인합니다.
$ ibmcloud cr image-list
Listing images...
REPOSITORY TAG DIGEST NAMESPACE CREATED SIZE SECURITY STATUS
jp.icr.io/khayama/cf-test-app v1 c32f35d771be khayama 2 years ago 8.1 MB No Issues
jp.icr.io/khayama/hello-world v1 92c7f9c92844 khayama 2 months ago 977 B No Issues
OK
이미지 업로드는 다음 UI 화면( h tps : // c ぉ d. 이 bm. 코 m / 쿠베 r 네 테 s / 레기 스트리 / 마인 / p 리 ぁ )에서도 확인할 수 있습니다.
Container Registry 액세스 인증을 위한 IAM API key 발급
다음의 커멘드로 작성해, 출력된 json 내에 apikey 가 보존됩니다.
$ ibmcloud iam api-key-create khayama-cr -d "for container registry access" --file crKey.json
Creating API key khayama-cr as [email protected]...
OK
API key khayama-cr was created
Successfully save API key information to crKey.json
다음 명령은 발행된 apikey를 변수로 저장합니다. (나중에 사용합니다)
export $( echo $(cat crKey.json) | jq -r 'keys[] as $k | "export \($k)=\(.[$k])"')
export CF_DOCKER_PASSWORD=$apikey
IBM Cloud Cloud Foundry에서 Docker Container를 실행할 수 있는지 확인
가장 가까운 Cloud Foundry 리전을 대상으로 지정합니다.
$ ibmcloud target -r au-syd
Switched to region au-syd
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: XXXXX (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint:
Org:
Space:
Tip: If you are managing Cloud Foundry applications and services
- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space.
- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context.
$ ibmcloud target --cf
Targeted Cloud Foundry (https://api.au-syd.bluemix.net)
Targeted org xxxxx
Targeted space dev
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: xxxxx (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint: https://api.au-syd.bluemix.net (API version: 2.106.0)
Org: XXXXX
Space: dev
Cloud Foundry에서 Docker Container를 이동하는 기능이 활성화되어 있는지 확인합니다.
( diego_docker=enabled
)
이제 "Cloud Foundry에서 Docker를 이동"하는 것 자체는 문제 없습니다 (분명히 지원됩니다) ...!
(문서에는 Cloud Foundry에서 Docker를 실행하는 명령이 포함되어 있으므로 ...)
$ ibmcloud cf feature-flags
Invoking 'cf feature-flags'...
Retrieving status of all flagged features as [email protected]...
features state
user_org_creation disabled
private_domain_creation enabled
app_bits_upload enabled
app_scaling enabled
route_creation enabled
service_instance_creation enabled
diego_docker enabled
set_roles_by_username enabled
unset_roles_by_username enabled
task_creation enabled
env_var_visibility enabled
space_scoped_private_broker_creation enabled
space_developer_env_var_visibility enabled
service_instance_sharing disabled
Container Registry에서 Cloud Foundry로 배포
다음 명령 실행으로 즉시 시작됩니다.
시작에 10초가 걸리지 않는 이미지입니다.
Container Registry의 인증이 잘 동작하는지가 포인트입니다.
$ ibmcloud cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey
Invoking 'cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey'...
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Pushing app khayama-cf-test-app to org xxxxx / space dev as [email protected]...
Getting app info...
Creating app with these attributes...
+ name: khayama-cf-test-app
+ docker image: jp.icr.io/khayama/cf-test-app:v1
+ docker username: iamapikey
routes:
+ khayama-cf-test-app.au-syd.mybluemix.net
Creating app khayama-cf-test-app...
Mapping routes...
Staging app and tracing logs...
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 creating container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully created container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Staging...
Staging process started ...
Staging process finished
Exit status 0
Staging Complete
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 stopping instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 destroying container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully destroyed container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Waiting for app to start...
name: khayama-cf-test-app
requested state: started
routes: khayama-cf-test-app.au-syd.mybluemix.net
last uploaded: Thu 28 Mar 00:49:59 JST 2019
stack:
docker image: jp.icr.io/khayama/cf-test-app:v1
type: web
instances: 1/1
memory usage: 1024M
start command: /test-app
state since cpu memory disk details
#0 running 2019-03-27T15:50:16Z 1.1% 12.2M of 1G 22.4M of 1G
웹 게시된 테스트 앱을 확인할 수 있었습니다!
감상
이번에는 IAM API key를 발행하여 Container Registry에 대한 액세스 인증을 자동화하는 것이 포인트였습니다.
Web공개용의 컨테이너 이미지도 많이 있으므로, 확실히 공개하고 싶은 경우는, 이것이 가장 쉬운 방법일지도 모르겠네요.
참고
ibmcloud plugin install container-registry
CLI로 로그인
$ ibmcloud login
API endpoint: https://cloud.ibm.com
Authenticating...
OK
Targeted account IBM (xxxxxxx) <-> xxxxxxx
Targeted resource group Default
Select a region (or press enter to skip):
1. au-syd
2. jp-tok
3. eu-de
4. eu-gb
5. us-south
6. us-east
Enter a number> 2
Targeted region jp-tok
API endpoint: https://cloud.ibm.com
Region: jp-tok
User: [email protected]
Account: XXX (xxxxxxx) <-> xxxxxxx
Resource group: Default
CF API endpoint:
Org:
Space:
Tip: If you are managing Cloud Foundry applications and services
- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space.
- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context.
Container Registry의 리전을 도쿄로 설정합니다.
$ ibmcloud cr region-set ap-north
The region is set to 'ap-north', the registry is 'jp.icr.io'.
OK
Container Registry에서 자신의 네임스페이스를 만듭니다.
$ ibmcloud cr namespace-add khayama
Adding namespace 'khayama'...
Successfully added namespace 'khayama'
OK
네임스페이스가 생성되었음은 다음 UI 화면( h tps : // c ぉ d. 이 bm. 코 m / 쿠베 r 네 테 s / 레기 스트리 / 마인 / 핥기 s 파세 s )에서도 확인할 수 있습니다.
테스트 컨테이너 이미지를 Container Registry로 푸시
명령을 실행하는 시스템에서 Docker 데몬을 실행한 상태에서 Container Registry에 로그인합니다.
$ ibmcloud cr login
Logging in to 'jp.icr.io'...
Logged in to 'jp.icr.io'.
IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local
OK
Docker 데몬이 실행되고 있지 않은 경우의 오류
Logging in to 'jp.icr.io'...
FAILED
Failed to 'docker login' to 'jp.icr.io' with error: WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Cloud Foundry에서 실행할 테스트 컨테이너 이미지를 다운로드합니다.
$ docker pull cloudfoundry/test-app
Using default tag: latest
latest: Pulling from cloudfoundry/test-app
a3ed95caeb02: Pull complete
300273678d06: Pull complete
bb84e9e1b665: Pull complete
Digest: sha256:6d2e265936c77c8955c253dde084ee0f8ec25a78e76b6631222f5ef0e9047b72
Status: Downloaded newer image for cloudfoundry/test-app:latest
이미지에 태그를 추가합니다.
$ docker tag cloudfoundry/test-app jp.icr.io/khayama/cf-test-app:v1
IBM Cloud의 Container Registry 도쿄 리전에 업로드합니다.
$ docker push jp.icr.io/khayama/cf-test-app:v1
The push refers to repository [jp.icr.io/khayama/cf-test-app]
0147abe5feb0: Pushed
5f70bf18a086: Pushed
5dbcf0efe4f2: Pushed
v1: digest: sha256:c32f35d771bee7f0ccfea0dac66572014e7bf636ed5c0b0a34bc335eb21ffe5f size: 1362
Container Registry 도쿄 지역의 이미지 목록에 있는지 확인합니다.
$ ibmcloud cr image-list
Listing images...
REPOSITORY TAG DIGEST NAMESPACE CREATED SIZE SECURITY STATUS
jp.icr.io/khayama/cf-test-app v1 c32f35d771be khayama 2 years ago 8.1 MB No Issues
jp.icr.io/khayama/hello-world v1 92c7f9c92844 khayama 2 months ago 977 B No Issues
OK
이미지 업로드는 다음 UI 화면( h tps : // c ぉ d. 이 bm. 코 m / 쿠베 r 네 테 s / 레기 스트리 / 마인 / p 리 ぁ )에서도 확인할 수 있습니다.
Container Registry 액세스 인증을 위한 IAM API key 발급
다음의 커멘드로 작성해, 출력된 json 내에 apikey 가 보존됩니다.
$ ibmcloud iam api-key-create khayama-cr -d "for container registry access" --file crKey.json
Creating API key khayama-cr as [email protected]...
OK
API key khayama-cr was created
Successfully save API key information to crKey.json
다음 명령은 발행된 apikey를 변수로 저장합니다. (나중에 사용합니다)
export $( echo $(cat crKey.json) | jq -r 'keys[] as $k | "export \($k)=\(.[$k])"')
export CF_DOCKER_PASSWORD=$apikey
IBM Cloud Cloud Foundry에서 Docker Container를 실행할 수 있는지 확인
가장 가까운 Cloud Foundry 리전을 대상으로 지정합니다.
$ ibmcloud target -r au-syd
Switched to region au-syd
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: XXXXX (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint:
Org:
Space:
Tip: If you are managing Cloud Foundry applications and services
- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space.
- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context.
$ ibmcloud target --cf
Targeted Cloud Foundry (https://api.au-syd.bluemix.net)
Targeted org xxxxx
Targeted space dev
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: xxxxx (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint: https://api.au-syd.bluemix.net (API version: 2.106.0)
Org: XXXXX
Space: dev
Cloud Foundry에서 Docker Container를 이동하는 기능이 활성화되어 있는지 확인합니다.
( diego_docker=enabled
)
이제 "Cloud Foundry에서 Docker를 이동"하는 것 자체는 문제 없습니다 (분명히 지원됩니다) ...!
(문서에는 Cloud Foundry에서 Docker를 실행하는 명령이 포함되어 있으므로 ...)
$ ibmcloud cf feature-flags
Invoking 'cf feature-flags'...
Retrieving status of all flagged features as [email protected]...
features state
user_org_creation disabled
private_domain_creation enabled
app_bits_upload enabled
app_scaling enabled
route_creation enabled
service_instance_creation enabled
diego_docker enabled
set_roles_by_username enabled
unset_roles_by_username enabled
task_creation enabled
env_var_visibility enabled
space_scoped_private_broker_creation enabled
space_developer_env_var_visibility enabled
service_instance_sharing disabled
Container Registry에서 Cloud Foundry로 배포
다음 명령 실행으로 즉시 시작됩니다.
시작에 10초가 걸리지 않는 이미지입니다.
Container Registry의 인증이 잘 동작하는지가 포인트입니다.
$ ibmcloud cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey
Invoking 'cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey'...
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Pushing app khayama-cf-test-app to org xxxxx / space dev as [email protected]...
Getting app info...
Creating app with these attributes...
+ name: khayama-cf-test-app
+ docker image: jp.icr.io/khayama/cf-test-app:v1
+ docker username: iamapikey
routes:
+ khayama-cf-test-app.au-syd.mybluemix.net
Creating app khayama-cf-test-app...
Mapping routes...
Staging app and tracing logs...
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 creating container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully created container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Staging...
Staging process started ...
Staging process finished
Exit status 0
Staging Complete
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 stopping instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 destroying container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully destroyed container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Waiting for app to start...
name: khayama-cf-test-app
requested state: started
routes: khayama-cf-test-app.au-syd.mybluemix.net
last uploaded: Thu 28 Mar 00:49:59 JST 2019
stack:
docker image: jp.icr.io/khayama/cf-test-app:v1
type: web
instances: 1/1
memory usage: 1024M
start command: /test-app
state since cpu memory disk details
#0 running 2019-03-27T15:50:16Z 1.1% 12.2M of 1G 22.4M of 1G
웹 게시된 테스트 앱을 확인할 수 있었습니다!
감상
이번에는 IAM API key를 발행하여 Container Registry에 대한 액세스 인증을 자동화하는 것이 포인트였습니다.
Web공개용의 컨테이너 이미지도 많이 있으므로, 확실히 공개하고 싶은 경우는, 이것이 가장 쉬운 방법일지도 모르겠네요.
참고
$ ibmcloud cr login
Logging in to 'jp.icr.io'...
Logged in to 'jp.icr.io'.
IBM Cloud Container Registry is adopting new icr.io domain names to align with the rebranding of IBM Cloud for a better user experience. The existing bluemix.net domain names are deprecated, but you can continue to use them for the time being, as an unsupported date will be announced later. For more information about registry domain names, see https://cloud.ibm.com/docs/services/Registry?topic=registry-registry_overview#registry_regions_local
OK
Logging in to 'jp.icr.io'...
FAILED
Failed to 'docker login' to 'jp.icr.io' with error: WARNING! Using --password via the CLI is insecure. Use --password-stdin.
Warning: failed to get default registry endpoint from daemon (Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?). Using system default: https://index.docker.io/v1/
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
$ docker pull cloudfoundry/test-app
Using default tag: latest
latest: Pulling from cloudfoundry/test-app
a3ed95caeb02: Pull complete
300273678d06: Pull complete
bb84e9e1b665: Pull complete
Digest: sha256:6d2e265936c77c8955c253dde084ee0f8ec25a78e76b6631222f5ef0e9047b72
Status: Downloaded newer image for cloudfoundry/test-app:latest
$ docker tag cloudfoundry/test-app jp.icr.io/khayama/cf-test-app:v1
$ docker push jp.icr.io/khayama/cf-test-app:v1
The push refers to repository [jp.icr.io/khayama/cf-test-app]
0147abe5feb0: Pushed
5f70bf18a086: Pushed
5dbcf0efe4f2: Pushed
v1: digest: sha256:c32f35d771bee7f0ccfea0dac66572014e7bf636ed5c0b0a34bc335eb21ffe5f size: 1362
$ ibmcloud cr image-list
Listing images...
REPOSITORY TAG DIGEST NAMESPACE CREATED SIZE SECURITY STATUS
jp.icr.io/khayama/cf-test-app v1 c32f35d771be khayama 2 years ago 8.1 MB No Issues
jp.icr.io/khayama/hello-world v1 92c7f9c92844 khayama 2 months ago 977 B No Issues
OK
다음의 커멘드로 작성해, 출력된 json 내에 apikey 가 보존됩니다.
$ ibmcloud iam api-key-create khayama-cr -d "for container registry access" --file crKey.json
Creating API key khayama-cr as [email protected]...
OK
API key khayama-cr was created
Successfully save API key information to crKey.json
다음 명령은 발행된 apikey를 변수로 저장합니다. (나중에 사용합니다)
export $( echo $(cat crKey.json) | jq -r 'keys[] as $k | "export \($k)=\(.[$k])"')
export CF_DOCKER_PASSWORD=$apikey
IBM Cloud Cloud Foundry에서 Docker Container를 실행할 수 있는지 확인
가장 가까운 Cloud Foundry 리전을 대상으로 지정합니다.
$ ibmcloud target -r au-syd
Switched to region au-syd
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: XXXXX (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint:
Org:
Space:
Tip: If you are managing Cloud Foundry applications and services
- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space.
- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context.
$ ibmcloud target --cf
Targeted Cloud Foundry (https://api.au-syd.bluemix.net)
Targeted org xxxxx
Targeted space dev
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: xxxxx (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint: https://api.au-syd.bluemix.net (API version: 2.106.0)
Org: XXXXX
Space: dev
Cloud Foundry에서 Docker Container를 이동하는 기능이 활성화되어 있는지 확인합니다.
( diego_docker=enabled
)
이제 "Cloud Foundry에서 Docker를 이동"하는 것 자체는 문제 없습니다 (분명히 지원됩니다) ...!
(문서에는 Cloud Foundry에서 Docker를 실행하는 명령이 포함되어 있으므로 ...)
$ ibmcloud cf feature-flags
Invoking 'cf feature-flags'...
Retrieving status of all flagged features as [email protected]...
features state
user_org_creation disabled
private_domain_creation enabled
app_bits_upload enabled
app_scaling enabled
route_creation enabled
service_instance_creation enabled
diego_docker enabled
set_roles_by_username enabled
unset_roles_by_username enabled
task_creation enabled
env_var_visibility enabled
space_scoped_private_broker_creation enabled
space_developer_env_var_visibility enabled
service_instance_sharing disabled
Container Registry에서 Cloud Foundry로 배포
다음 명령 실행으로 즉시 시작됩니다.
시작에 10초가 걸리지 않는 이미지입니다.
Container Registry의 인증이 잘 동작하는지가 포인트입니다.
$ ibmcloud cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey
Invoking 'cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey'...
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Pushing app khayama-cf-test-app to org xxxxx / space dev as [email protected]...
Getting app info...
Creating app with these attributes...
+ name: khayama-cf-test-app
+ docker image: jp.icr.io/khayama/cf-test-app:v1
+ docker username: iamapikey
routes:
+ khayama-cf-test-app.au-syd.mybluemix.net
Creating app khayama-cf-test-app...
Mapping routes...
Staging app and tracing logs...
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 creating container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully created container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Staging...
Staging process started ...
Staging process finished
Exit status 0
Staging Complete
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 stopping instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 destroying container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully destroyed container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Waiting for app to start...
name: khayama-cf-test-app
requested state: started
routes: khayama-cf-test-app.au-syd.mybluemix.net
last uploaded: Thu 28 Mar 00:49:59 JST 2019
stack:
docker image: jp.icr.io/khayama/cf-test-app:v1
type: web
instances: 1/1
memory usage: 1024M
start command: /test-app
state since cpu memory disk details
#0 running 2019-03-27T15:50:16Z 1.1% 12.2M of 1G 22.4M of 1G
웹 게시된 테스트 앱을 확인할 수 있었습니다!
감상
이번에는 IAM API key를 발행하여 Container Registry에 대한 액세스 인증을 자동화하는 것이 포인트였습니다.
Web공개용의 컨테이너 이미지도 많이 있으므로, 확실히 공개하고 싶은 경우는, 이것이 가장 쉬운 방법일지도 모르겠네요.
참고
$ ibmcloud target -r au-syd
Switched to region au-syd
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: XXXXX (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint:
Org:
Space:
Tip: If you are managing Cloud Foundry applications and services
- Use 'ibmcloud target --cf' to target Cloud Foundry org/space interactively, or use 'ibmcloud target --cf-api ENDPOINT -o ORG -s SPACE' to target the org/space.
- Use 'ibmcloud cf' if you want to run the Cloud Foundry CLI with current IBM Cloud CLI context.
$ ibmcloud target --cf
Targeted Cloud Foundry (https://api.au-syd.bluemix.net)
Targeted org xxxxx
Targeted space dev
API endpoint: https://cloud.ibm.com
Region: au-syd
User: [email protected]
Account: xxxxx (xxxxx) <-> xxxxx
Resource group: Default
CF API endpoint: https://api.au-syd.bluemix.net (API version: 2.106.0)
Org: XXXXX
Space: dev
$ ibmcloud cf feature-flags
Invoking 'cf feature-flags'...
Retrieving status of all flagged features as [email protected]...
features state
user_org_creation disabled
private_domain_creation enabled
app_bits_upload enabled
app_scaling enabled
route_creation enabled
service_instance_creation enabled
diego_docker enabled
set_roles_by_username enabled
unset_roles_by_username enabled
task_creation enabled
env_var_visibility enabled
space_scoped_private_broker_creation enabled
space_developer_env_var_visibility enabled
service_instance_sharing disabled
다음 명령 실행으로 즉시 시작됩니다.
시작에 10초가 걸리지 않는 이미지입니다.
Container Registry의 인증이 잘 동작하는지가 포인트입니다.
$ ibmcloud cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey
Invoking 'cf push khayama-cf-test-app --docker-image jp.icr.io/khayama/cf-test-app:v1 --docker-username iamapikey'...
Using docker repository password from environment variable CF_DOCKER_PASSWORD.
Pushing app khayama-cf-test-app to org xxxxx / space dev as [email protected]...
Getting app info...
Creating app with these attributes...
+ name: khayama-cf-test-app
+ docker image: jp.icr.io/khayama/cf-test-app:v1
+ docker username: iamapikey
routes:
+ khayama-cf-test-app.au-syd.mybluemix.net
Creating app khayama-cf-test-app...
Mapping routes...
Staging app and tracing logs...
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 creating container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully created container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Staging...
Staging process started ...
Staging process finished
Exit status 0
Staging Complete
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 stopping instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 destroying container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Cell c2557d8d-aa23-4d21-be92-3baf62299ad2 successfully destroyed container for instance f8effe27-b4fc-403e-9180-28348ac9f3b6
Waiting for app to start...
name: khayama-cf-test-app
requested state: started
routes: khayama-cf-test-app.au-syd.mybluemix.net
last uploaded: Thu 28 Mar 00:49:59 JST 2019
stack:
docker image: jp.icr.io/khayama/cf-test-app:v1
type: web
instances: 1/1
memory usage: 1024M
start command: /test-app
state since cpu memory disk details
#0 running 2019-03-27T15:50:16Z 1.1% 12.2M of 1G 22.4M of 1G
웹 게시된 테스트 앱을 확인할 수 있었습니다!
감상
이번에는 IAM API key를 발행하여 Container Registry에 대한 액세스 인증을 자동화하는 것이 포인트였습니다.
Web공개용의 컨테이너 이미지도 많이 있으므로, 확실히 공개하고 싶은 경우는, 이것이 가장 쉬운 방법일지도 모르겠네요.
참고
Reference
이 문제에 관하여(IBM Cloud Cloud Foundry에서 Docker Container를 실행하기 위해 Container Registry를 함께 사용해 보았습니다.), 우리는 이곳에서 더 많은 자료를 발견하고 링크를 클릭하여 보았다 https://qiita.com/khayama/items/1dda68117d64756afa1d텍스트를 자유롭게 공유하거나 복사할 수 있습니다.하지만 이 문서의 URL은 참조 URL로 남겨 두십시오.
우수한 개발자 콘텐츠 발견에 전념 (Collection and Share based on the CC Protocol.)