Securing Access to OCI Registry for OKE Deployment

Accessing Private OCI Registry from Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)

Question

A service you are deploying to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) uses a Docker image from a private repository in OCI Registry (OCIR).

Which configuration is necessary to provide access to this repository from OKE? (Choose the best answer.)

Answers

Explanations


C.

https://www.oracle.com/webfolder/technetwork/tutorials/obe/oci/oke-and-registry/index.html

When deploying a service to Oracle Cloud Infrastructure (OCI) Container Engine for Kubernetes (OKE) that uses a docker image from a private repository in OCI Registry (OCIR), you need to configure access to this repository from OKE. This requires creating a docker-registry secret and configuring the appropriate properties in the deployment manifest.

Option A: Add a generic secret on the cluster containing your identity credentials. Then specify a registryCredentials property in the deployment manifest.

This option is incorrect because a generic secret does not provide authentication for the OCI Registry. The registryCredentials property is also not a valid configuration property for accessing a private OCI Registry.

Option B: Create a docker-registry secret for OCIR with API key credentials on the cluster, and specify the imagePullSecret property in the application deployment manifest.

This is the correct option. To configure access to a private OCI Registry, you need to create a docker-registry secret on the cluster with the API key credentials for the OCI Registry. This secret can then be used to authenticate when pulling images from the private registry. The imagePullSecret property in the deployment manifest can be used to specify the name of this secret, which is then used to authenticate the pull of the docker image from the private repository in OCIR.

Option C: Create a docker-registry secret for OCIR with identity Auth Token on the cluster, and specify the imagePullSecret property in the application deployment manifest.

This option is incorrect because OCI Registry authentication requires API key credentials, not identity Auth Tokens.

Option D: Create a dynamic group for nodes in the cluster, and a policy that allows the dynamic group to read repositories in the same compartment.

This option is also incorrect because it does not provide authentication for accessing the private OCI Registry. It only allows the dynamic group to read repositories within the same compartment.

In summary, the correct configuration for accessing a private OCI Registry from OKE is to create a docker-registry secret with API key credentials for the OCI Registry, and specify the imagePullSecret property in the application deployment manifest.
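
A pre-deployment check for the configuration described above, as an added example that is not part of the original page or of Oracle's documentation. It verifies that a Deployment pulling from OCIR references, through the pod spec's `imagePullSecrets` field, a secret of the type that `kubectl create secret docker-registry` produces, with an entry for the image's registry host. The image name, secret names and credential placeholders are constructed sample values, and manifests are assumed to be already parsed into dictionaries with bare host names as `auths` keys.

```python
import base64
import json

DOCKERCFG = "kubernetes.io/dockerconfigjson"  # type created by `kubectl create secret docker-registry`

def registry_host(image):
    """Registry host of an image reference, or None for short Docker Hub names."""
    first = image.split("/", 1)[0]
    return first if "/" in image and ("." in first or ":" in first) else None

def secret_hosts(secret):
    """Registry hosts a docker-registry secret carries credentials for."""
    raw = base64.b64decode(secret["data"][".dockerconfigjson"])
    return set(json.loads(raw).get("auths", {}))

def check_pull_access(deployment, secrets):
    """Return the problems that would stop this Deployment pulling private OCIR images."""
    ns = deployment["metadata"].get("namespace", "default")
    pod = deployment["spec"]["template"]["spec"]
    by_name = {s["metadata"]["name"]: s for s in secrets
               if s["metadata"].get("namespace", "default") == ns}
    covered, problems = set(), []
    for ref in pod.get("imagePullSecrets", []):
        secret = by_name.get(ref["name"])
        if secret is None:
            problems.append(f"secret {ref['name']} not found in namespace {ns}")
        elif secret.get("type") != DOCKERCFG:  # e.g. a generic (Opaque) secret
            problems.append(f"secret {ref['name']} is type {secret.get('type')}, not {DOCKERCFG}")
        else:
            covered |= secret_hosts(secret)
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        host = registry_host(c["image"])
        if host and host.endswith(".ocir.io") and host not in covered:
            problems.append(f"container {c['name']}: no pull credentials for {host}")
    return problems

def sample_secret(name, host, kind=DOCKERCFG):
    """Constructed sample; username and password are placeholders, not real values."""
    cfg = {"auths": {host: {"username": "<tenancy-namespace>/<user>", "password": "<credential>"}}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"metadata": {"name": name}, "type": kind, "data": {".dockerconfigjson": blob}}

def sample_deployment(secret_names):
    """Constructed Deployment with one container pulled from a made-up OCIR repository."""
    pod = {"containers": [{"name": "web", "image": "iad.ocir.io/exampletenancy/web:1.0"}],
           "imagePullSecrets": [{"name": n} for n in secret_names]}
    return {"metadata": {"name": "web"}, "spec": {"template": {"spec": pod}}}

if __name__ == "__main__":
    print(check_pull_access(sample_deployment(["ocirsecret"]),
                            [sample_secret("ocirsecret", "iad.ocir.io", kind="Opaque")]))
```

A secret created for a different region's registry host, or one that lives in another namespace, is reported the same way as a missing secret, since the kubelet could not use either for the pull.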