Running docker registry on K8S: An Example

Follow
Table of Contents

For the purpose of this example we will be using the docker registry helm chart available in the catalog.

A docker registry needs to have persistent storage available to store the container image layers.

The docker registry needs a persistent store for storing container images, unless this registry is only for testing purposes.

The list of supported docker registry drivers is available here.

For the purpose of this demo we will use the FileSystem driver, which allows the registry to use a local file system.

The helm chart needs a Persistent Volume for use with the FileSystem option.

The chart requires that the persistent volume is already available before the chart is deployed.

The users need to ensure that the appropriate cloud credentials are available for use in your K8S cluster.

For the purpose of this example we will use the NFS storage provisioner. Details on how to install the same can be found here.

Another pre-requisite for the docker-registry is an authentication user and password.

This can be easily created using the existing registry container image.

For this example we will create a user named demo which can authenticate with the password demopassword:

docker run --entrypoint htpasswd registry:2 -Bbn demo demopassword > htpasswd

This password can now be used in the variable updates for the chart.

We will use the docker-registry chart from the rancher charts library:

We need to update a few settings:

Specify the username:password combination generated from the htpasswd command in the Docker Registry Htpasswd Authentication field.

We will select the nfs-provisioner storage class.

We will also specify a hostname to use in the L7 load balancer ingress specificiation, example: registry.yourdomain.com

Now launching the app will deploy the docker-registry to a docker-registry namespace.

In case you are using a self signed certificate, then please ensure that the insecure-registries on your local docker-daemon are setup to include the newly setup registry. In this particular case registry.yourdomain.com

To verify the registry, we will login to the registry using the username / password we setup in the htpasswd file:

$ docker login -u demo registry.yourdomain.com
Password:
Login Succeeded

We can now push an image to this registry. We will just use an existing image for this test and re-tag it:

docker tag alpine:latest registry.yourdomain.com/alpine:latest

Now the push should be successful:

$ docker push registry.local/alpine:latest
The push refers to repository [registry.local/alpine]
03901b4a2ea8: Pushed
latest: digest: sha256:acd3ca9941a85e8ed16515bfc5328e4e2f8c128caa72959a58a127b7801ee01f size: 528
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.