DEV Community

Mohamed M El-Kalioby

Running Private Docker Registry for Kubernetes

As you work with Kubernetes, you will need a private Docker registry to upload your images to before deploying them on Kubernetes. This post summarizes the steps.

Note: You need a domain and a certificate from Let's Encrypt. The example domain is reg.example.com.

The files are on GitHub in the repo below.

mkalioby / docker-reg-k8s

Run Docker registry for K8s

  1. Install Apache2

    sudo apt install apache2 
  2. Create a persistent storage directory /data on all nodes (based on the storageClass you prefer; the deployment uses hostPath)

  3. Create passwd file on /data

    htpasswd -Bc /data/passwd username

    Enter the password twice

  4. Create a directory on /data/registry

    mkdir /data/registry 
  5. Apply the deployment

    kubectl apply -f registry_deployment.yaml 

    You can find the file below

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: registry
      name: registry
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: registry
      template:
        metadata:
          labels:
            app: registry
        spec:
          containers:
          - env:
            # Require HTTP basic auth, checked against the htpasswd file
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Registry
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/passwd
            image: registry:2
            name: registry
            ports:
            - containerPort: 5000
              protocol: TCP
            volumeMounts:
            # registry:2 stores image data under /var/lib/registry by default,
            # so the host directory is mounted there to persist pushed images
            - mountPath: /var/lib/registry
              name: registry-data
            - mountPath: /auth/passwd
              name: passwd
          restartPolicy: Always
          volumes:
          - hostPath:
              path: /data/registry/
              type: Directory
            name: registry-data
          - hostPath:
              path: /data/passwd
              type: File
            name: passwd
  6. Expose the service with NodePort

    kubectl expose deployment registry --type NodePort 

    Make sure that CLUSTERIP/v2 works

  7. Proxy from Apache to the NodePort

  8. Enable the headers module

    a2enmod headers
  9. Generate a certificate from Let's Encrypt and choose to always redirect to HTTPS

  10. Add the following to the SSL config for your domain

    Header add X-Forwarded-Proto "https"
    RequestHeader add X-Forwarded-Proto "https"
  11. Now log in to the Docker registry

    docker login https://reg.example.com 

    Enter the username and password.

  12. Now build your image and push to the private repo

    docker build -t reg.example.com/test:v1.0 .
    docker push reg.example.com/test:v1.0
  13. Add your docker credentials to Kubernetes

    kubectl create secret generic regcred --from-file=.dockerconfigjson=$HOME/.docker/config.json --type=kubernetes.io/dockerconfigjson 
  14. Create a deployment with the image from the private repo

    spec:
      containers:
      - name: test
        image: reg.example.com/test:v1.0
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: regcred
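
Step 13 uploads the whole `$HOME/.docker/config.json`, which also carries the credentials of every other registry that workstation is logged in to, and carries none at all when Docker is configured with a credential helper. The script below is an added example, not part of the original post or its repository: it builds the `regcred` secret from a file that holds only the reg.example.com entry. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: pull secret limited to one registry (function names are hypothetical).

# Print a minimal .dockerconfigjson for a single registry.
# "auth" is base64("user:password"), the same form docker login stores.
make_dockerconfigjson() {
    server=$1 user=$2 pass=$3
    # Accept only host[:port] characters so the value embeds safely in JSON.
    case $server in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid registry host" >&2; return 1 ;;
    esac
    # A colon in the user name would make "user:password" ambiguous.
    case $user in
        ''|*:*) echo "invalid user name" >&2; return 1 ;;
    esac
    auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$server" "$auth"
}

# Succeed if a Docker config delegates to a credential helper. Such a file
# keeps no secrets under "auths", so a Secret built from it cannot pull images.
uses_credential_helper() {
    grep -Eq '"(credsStore|credHelpers)"[[:space:]]*:' "$1"
}

# Create the regcred Secret from a temporary file that holds only one entry.
create_regcred() {
    tmp=$(mktemp) || return 1
    make_dockerconfigjson "$1" "$2" "$3" > "$tmp" &&
        kubectl create secret generic regcred \
            --from-file=.dockerconfigjson="$tmp" \
            --type=kubernetes.io/dockerconfigjson
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run `uses_credential_helper "$HOME/.docker/config.json"` first; if it succeeds, the file from step 13 holds no password and `create_regcred reg.example.com username "$PASSWORD"` is the way to get a working secret.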
