Running Private Docker Registry for Kubernetes
Mohamed M El-Kalioby
Posted on January 20, 2022
As you work with Kubernetes, you will need a private docker registry to upload your images and then deploy them on Kubernetes, so this will summarize the steps
Note: You need a domain and a certificate from Lets Encrypt, the example domain is reg.example.com
The files are on github on the repo below
mkalioby / docker-reg-k8s
Run Docker registry for K8s
-
Install Apache2
sudo apt install apache2
Create a persistent storage /data on all nodes (based on the storageClass you perfer, the deployment use
hostPath
-
Create passwd file on /data
htpaswd -Bc /data/passwd username
Enter the password twice
-
Create a directory on /data/registry
mkdir /data/registry
-
Apply the deployment
kubectl apply -f registry_deployment.yaml
You can the file below
apiVersion: apps/v1 kind: Deployment metadata: labels: app: registry name: registry namespace: default spec: replicas: 1 selector: matchLabels: app: registry template: metadata: labels: app: registry spec: containers: - env: - name: REGISTRY_AUTH value: htpasswd - name: REGISTRY_AUTH_HTPASSWD_REALM value: Registry - name: REGISTRY_AUTH_HTPASSWD_PATH value: /auth/passwd image: registry:2 name: registry ports: - containerPort: 5000 protocol: TCP volumeMounts: - mountPath: /data/ name: registry-data - mountPath: /auth/passwd name: passwd restartPolicy: Always volumes: - hostPath: path: /data/registry/ type: Directory name: registry-data - hostPath: path: /data/passwd type: File name: passwd
-
Expose the service with NodePort
kubectl expose deployment registry --type NodePort
Make sure that
CLUSTERIP/v2
works Proxy from apache to the Nodeport
-
Enable Header mod
a2enmod header
Generate a certificate from Lets encrypt, Make redirect always
-
Add the following to ssl config on your domain
Header add X-Forwarded-Proto "https" RequestHeader add X-Forwarded-Proto "https"
-
Now login to docker registry
docker login https://reg.example.com
Enter the username and password.
-
Now build your image and push to the private repo
docker build -t reg.example.com/test:v1.0 . docker push reg.example.com/test:v1.0
-
Add your docker credentials to Kubernetes
kubectl create secret generic regcred --from-file=.dockerconfigjson=$HOME/.docker/config.json --type=kubernetes.io/dockerconfigjson
-
Create a deployment with the image from the private repo
spec: containers: - name: test image: reg.example.com/test:v1.0 ports: - containerPort: 80 imagePullSecrets: - name: regcred
Posted on January 20, 2022
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.