Running Private Docker Registry for Kubernetes

mkalioby

Mohamed M El-Kalioby

Posted on January 20, 2022


As you work with Kubernetes, you will need a private Docker registry where you can upload your images and then deploy them on Kubernetes. This post summarizes the steps.

Note: You need a domain and a certificate from Let's Encrypt. The example domain is reg.example.com.

The files are on GitHub in the repo below:

mkalioby / docker-reg-k8s

Run Docker registry for K8s

  1. Install Apache2

    sudo apt install apache2
    
  2. Create a persistent storage /data on all nodes (based on the storageClass you prefer; the deployment uses hostPath)

  3. Create passwd file on /data

    htpasswd -Bc /data/passwd username
    

    Enter the password twice

  4. Create a directory on /data/registry

    mkdir /data/registry
    
  5. Apply the deployment

    kubectl apply -f registry_deployment.yaml
    

    You can use the file below

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: registry
      name: registry
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: registry
      template:
        metadata:
          labels:
            app: registry
        spec:
          containers:
            - env:
                # Require HTTP basic auth against the htpasswd file from step 3
                - name: REGISTRY_AUTH
                  value: htpasswd
                - name: REGISTRY_AUTH_HTPASSWD_REALM
                  value: Registry
                - name: REGISTRY_AUTH_HTPASSWD_PATH
                  value: /auth/passwd
              image: registry:2
              name: registry
              ports:
                - containerPort: 5000
                  protocol: TCP
              volumeMounts:
                # registry:2 stores images under /var/lib/registry unless
                # REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY points elsewhere
                - mountPath: /data/
                  name: registry-data
                - mountPath: /auth/passwd
                  name: passwd
          restartPolicy: Always
          volumes:
            - hostPath:
                path: /data/registry/
                type: Directory
              name: registry-data
            - hostPath:
                path: /data/passwd
                type: File
              name: passwd
    
  6. Expose the service with NodePort

    kubectl expose deployment registry --type NodePort
    

    Make sure that CLUSTERIP/v2 works

  7. Proxy from Apache to the NodePort

  8. Enable the headers module

    a2enmod headers
    
  9. Generate a certificate from Let's Encrypt and choose to always redirect HTTP to HTTPS

  10. Add the following to the SSL config for your domain

    Header add X-Forwarded-Proto "https"
    RequestHeader add X-Forwarded-Proto "https"
    
  11. Now log in to the Docker registry

    docker login https://reg.example.com
    

    Enter the username and password.

  12. Now build your image and push to the private repo

    docker build -t reg.example.com/test:v1.0 . 
    docker push reg.example.com/test:v1.0
    
  13. Add your docker credentials to Kubernetes

    kubectl create secret generic regcred --from-file=.dockerconfigjson=$HOME/.docker/config.json --type=kubernetes.io/dockerconfigjson
    
  14. Create a deployment with the image from the private repo

    spec:
      containers:
      - name: test
        image: reg.example.com/test:v1.0
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: regcred
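
Step 13 uploads the whole of `$HOME/.docker/config.json`, which may also hold logins for other registries, or no password at all when a credential helper is configured. The following added example (not from the original post or its repo) audits that file and builds a pull secret scoped to `reg.example.com` only; the sample config and the function names are constructed for illustration.

```python
import base64
import json

REGISTRY = "reg.example.com"  # example domain used on this page

# Constructed sample of ~/.docker/config.json after logging in to two registries.
SAMPLE_CONFIG = {"auths": {
    "https://index.docker.io/v1/": {"auth": base64.b64encode(b"hubuser:constructed-token").decode()},
    REGISTRY: {"auth": base64.b64encode(b"username:constructed-password").decode()},
}}


def _entry(cfg, registry):
    """Return the auths entry for the registry, stored with or without a scheme."""
    auths = cfg.get("auths", {})
    return auths.get(registry) or auths.get("https://" + registry) or {}


def audit_docker_config(cfg, registry=REGISTRY):
    """List reasons the whole file should not be uploaded as the pull secret."""
    findings = []
    if "credsStore" in cfg or "credHelpers" in cfg:
        findings.append("credential helper configured: passwords are not in this file")
    if not _entry(cfg, registry).get("auth"):
        findings.append("no inline credentials for " + registry)
    extra = sorted(h for h in cfg.get("auths", {})
                   if h not in (registry, "https://" + registry))
    if extra:
        findings.append("also contains credentials for: " + ", ".join(extra))
    return findings


def scoped_pull_secret(cfg, registry=REGISTRY):
    """Return .dockerconfigjson text holding only this registry's entry."""
    auth = _entry(cfg, registry).get("auth")
    if not auth:
        raise ValueError("no inline credentials for " + registry)
    user, sep, password = base64.b64decode(auth).decode().partition(":")
    if not (user and sep and password):
        raise ValueError("auth value is not base64 of user:password")
    return json.dumps({"auths": {registry: {"auth": auth}}}, indent=2)


if __name__ == "__main__":
    print(audit_docker_config(SAMPLE_CONFIG))
    print(scoped_pull_secret(SAMPLE_CONFIG))
```

Write the returned JSON to a file and pass that file to the `kubectl create secret` command from step 13 in place of `$HOME/.docker/config.json`.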
    