【CKS最新模拟真题】Dockerfile修改
文章目录
- 一、TASK
- 二、问题解决过程
- 1.问题一解题
一、TASK
Solve this question on: ssh cks7262
There is a Deployment image-verify in Namespace team-blue which runs image registry.killer.sh:5000/image-verify:v1. DevSecOps has asked you to improve this image by:
Changing the base image to alpine:3.12
Not installing curl
Updating nginx to use the version constraint >=1.18.0
Running the main process as user myuser
Do not add any new lines to the Dockerfile, just edit existing ones. The file is located at /opt/course/16/image/Dockerfile.
Tag your version as v2. You can build, tag and push using:
cd /opt/course/16/image
podman build -t registry.killer.sh:5000/image-verify:v2 .
podman run registry.killer.sh:5000/image-verify:v2 # to test your changes
podman push registry.killer.sh:5000/image-verify:v2
Make the Deployment use your updated image tag v2.
中译
在以下位置解决此问题:ssh cks7262
命名空间 team-blue中有一个 Deployment image-verify,它运行 image registry.killer.sh:5000/image-verify:v1 。DevSecOps 要求您通过以下方式改进此映像:
将基础映像更改为alpine:3.12
不安装curl
更新 以使用 version 约束 nginx>=1.18.0
以用户身份运行主进程myuser
不要向 Dockerfile 添加任何新行,只需编辑现有行。该文件位于 。/opt/course/16/image/Dockerfile
1、将您的版本标记为 .您可以使用以下方法构建、标记和推送:v2
cd /opt/course/16/image
podman build -t registry.killer.sh:5000/image-verify:v2 .
podman run registry.killer.sh:5000/image-verify:v2 # to test your changes
podman push registry.killer.sh:5000/image-verify:v2
最后Deployment 使用更新的映像标记 v2
二、问题解决过程
1.问题一解题
过程如下(示例):
#按要求连接对应的集群
candidate@terminal:~$ ssh cks7262
#切换到root用户下,防止普通用户操作写入文件没权限
candidate@cks7262:~$ sudo -i
#修改dockerfile
root@cks7262:~# vim /opt/course/16/image/Dockerfile
FROM alpine:3.12 # change
RUN apk update && apk add vim nginx>=1.18.0 # change
RUN addgroup -S myuser && adduser -S myuser -G myuser
COPY ./run.sh run.sh
RUN ["chmod", "+x", "./run.sh"]
USER myuser # change
ENTRYPOINT ["/bin/sh", "./run.sh"]
#用上述命令构建新镜像并推送
candidate@cks7262:~$ cd /opt/course/16/image
candidate@cks7262:image$ podman build -t registry.killer.sh:5000/image-verify:v2 .
candidate@cks7262:image$ podman push registry.killer.sh:5000/image-verify:v2
#deployment中替换为新镜像
root@cks7262:image~$ kubectl -n team-blue edit deploy image-verify
- image: registry.killer.sh:5000/image-verify:v2 # change