Deploying Docker Registry on Kubernetes Quiz

This quiz explores key steps and best practices for deploying a private Docker Registry using Kubernetes, including certificate management, persistent storage, and deployment configuration. It is aimed at those looking to understand image storage and secure access in a cloud-native setup.

  1. Certificate Generation for Security

    What is the main reason for creating a self-signed certificate when deploying a private Docker Registry on Kubernetes?

    1. To automate registry updates
    2. To improve container startup speed
    3. To enable encrypted traffic between users and the registry
    4. To increase image storage capacity

    Explanation: A self-signed certificate is generated to enable encrypted HTTPS communication, ensuring that data exchanged with the registry is secure. Improving container startup speed and increasing image storage capacity are unrelated to certificates. Automating registry updates is also not a function of creating certificates.

  2. Storing Certificates Securely

    Which Kubernetes resource is best used to safely store TLS certificates and keys for the Docker Registry?

    1. PersistentVolume
    2. ConfigMap
    3. ServiceAccount
    4. Secret

    Explanation: Kubernetes Secrets are designed to store sensitive data, such as TLS keys and certificates, securely. ConfigMaps are for non-sensitive configuration data, PersistentVolumes are for storage, and ServiceAccounts relate to permissions rather than secret storage.

  3. Ensuring Data Persistence

    Why is it important to attach a PersistentVolumeClaim to the Docker Registry deployment in Kubernetes?

    1. To automatically scale the registry's CPU resources
    2. To enable SSL encryption for access
    3. To allow registry pods to run on multiple nodes simultaneously
    4. To retain image data across pod restarts or rescheduling

    Explanation: A PersistentVolumeClaim ensures that stored images are not lost if the registry pod is restarted or rescheduled to another node. It does not affect SSL encryption, scaling CPU resources, or running the same pod instance on multiple nodes simultaneously.

  4. Volume Mount Purpose

    When deploying the Docker Registry container in Kubernetes, what is the main reason to mount the directory containing certificates as read-only?

    1. To speed up image pulls from the registry
    2. To reduce network usage for certificate files
    3. To prevent the registry from modifying sensitive files
    4. To enable automatic certificate updates

    Explanation: Mounting certificate directories as read-only secures them by preventing accidental or malicious modification during runtime. Read-only mounting does not affect image pull speeds or network usage, and it does not facilitate automatic updates of certificate files.

  5. Configuring Registry Access

    Which environment variables must be set in the Docker Registry container to specify the locations of the TLS certificate and key?

    1. TLS_CERT_FILE and TLS_KEY_FILE
    2. REGISTRY_CERT_PATH and REGISTRY_KEY_PATH
    3. DOCKER_TLS_VERIFY and DOCKER_CERT_PATH
    4. REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY

    Explanation: REGISTRY_HTTP_TLS_CERTIFICATE and REGISTRY_HTTP_TLS_KEY point the Docker Registry to the relevant certificate and key file paths for secure communication. The other options are not recognized by the official registry image for this specific configuration.