This demo shows how to run the official Spark Examples on a Kubernetes cluster on Google Kubernetes Engine (GKE).
If the nodes have the correct service account with full storage access scope then we do not need to do anything extra on our kaniko pod, as it will be able to push to GCR just fine. Demo: Running Spark Examples on Google Kubernetes Engine. Note that the scopes cannot be changed once the node pool has been created. This is something that we need to change under Add a new node pool – Security – Access scopes – Set access for each API – Storage – Full.
When creating the GKE node pool the default configuration only includes read-only access to Storage API, and we need full access in order to push to GCR. To deploy to GCR we can use a service account and mount it as a Kubernetes secret, but when running on Google Kubernetes Engine (GKE) it is more convenient and safe to use the node pool service account. INFO Skipping unpacking as no commands require it. INFO Using caching version of cmd: COPY -from=build-env /src/bin/kaniko-demo / INFO Found cached layer, extracting to filesystem INFO Using caching version of cmd: RUN cd /src & make If we run kaniko twice we can see how the cached layers are pulled instead of rebuilt. In the same project, I created a Google Compute Engine instance based on COS (Container-Optimized OS). INFO Pushing layer gcr.io/api-project-642841493686/kaniko-demo/cache:6ec16d3475b976bd7cbd41b74000c5d2543bdc2a35a635907415a0995784676d to cache now I have a Docker image pushed to Google Container Registry at gcr.io/my-project/my-image:latest. INFO COPY -from=build-env /src/bin/kaniko-demo / INFO No files changed in this command, skipping snapshotting. INFO Unpacking rootfs as cmd COPY -from=build-env /src/bin/kaniko-demo / requires it. The guide explains how to a pull Docker Image from GCR in any other non-Google Cloud Platform Kubernets cluster using GCR. The issue is about authentication to GCR when pulling the private images. INFO No cached layer found for cmd COPY -from=build-env /src/bin/kaniko-demo / A simple guide to help you use GCR as your Container Registry in any non-GCP Kubernetes Cluster. INFO Saving file src/bin/kaniko-demo for later use INFO Running: ĬGO_ENABLED=0 go build -ldflags '' -o bin/kaniko-demo main.go INFO No cached layer found for cmd RUN cd /src & make I can now go refresh my project in the Google Cloud Platfrom and see my image in the Google Cloud Registry. INFO Resolved base name golang to build-env The docker push command is what tells the image to go live somewhere else, specifically the Google Cloud Registry within my project kuar-demo-187620.