27 C
Jaipur
Thursday, October 22, 2020

How to Setup Private Docker Registry in Kubernetes (k8s)

Must read

Acer Chromebook: Acer launches Chromebook Spin 513 and Halo smart speaker

Acer has launched its first Chromebook powered by the Qualcomm Snapdragon 7c compute platform – the Acer Chromebook Spin 513...

Huawei Mate 40: Huawei unveils the Mate 40 Pro and Pro+ smartphones

Huawei has bolstered its product line-up with the Mate 40 Series flagship smartphones--the Mate 40 Pro and the Mate 40 Pro+....

Flipkart: Flipkart, Reliance Jio deals push VC inflows to $3.6 billion in September quarter : Report – Latest News

Despite the pandemic-driven recession, venture capitalists continued to invest dollars into the country with September quarter seeing investment inflows more than doubling to USD...

google: Google has undermined competition, says South Korean antitrust chief – Latest News

South Korea's antitrust chief said on Thursday the agency believes US search engine giant Google has undermined competition, adding that the agency plans to...

It is always recommended to have private docker registry or repository in your Kubernetes cluster. Docker private registry allows the developers to push and pull their private container images. Once the application’s containers are pushed to private registry then developers can use the path of their private registry while creating and deploying their yaml files.

In this article, we will learn how we can deploy private docker registry as a deployment on top of Kubernetes cluster. I am assuming Kubernetes cluster is already up and running.

Kubernetes lab details for setting up private docker registry

  • k8s-master – 192.168.1.40 – CentOS 7
  • k8s-worker-1 – 192.168.1.41 – CentOS 7
  • k8s-worker-2 – 192.168.1.42  – CentOS 7
  • kadmin user with sudo rights
  • NFS share ‘/opt/certs’ & ‘/opt/registry’

Note:  In my case, I have setup nfs server on master node and exported /opt/certs and /opt/registry as nfs share.

Before starting the deployment of private registry, please make sure these nfs shares are mounted on each worker nodes. Run the following commands on each worker node.

$ sudo mkdir /opt/certs /opt/registry
$ sudo mount 192.168.1.40:/opt/certs /opt/certs
$ sudo mount 192.168.1.40:/opt/registry /opt/registry

For permanent mount, add nfs entries in /etc/fstab file.

In place of mounting these nfs shares, we can also create nfs based persistent volumes and later we can use these persistent volumes in yaml file.

Let’s dive into installation and configuration steps of private docker registry in Kubernetes.

Step 1) Generate self-signed certificates for private registry

Login to your control plane or master node and use openssl command to generate self-signed certificates for private docker repository.

[[email protected] ~]$ cd /opt
[[email protected] opt]$ sudo openssl req -newkey rsa:4096 -nodes -sha256 -keyout ./certs/registry.key -x509 -days 365 -out ./certs/registry.crt

Once the key and certificate file are generated, use ls command to verify them,

[[email protected] opt]$ ls -l certs/
total 8
-rw-r--r--. 1 root root 2114 Sep 26 03:26 registry.crt
-rw-r--r--. 1 root root 3272 Sep 26 03:26 registry.key
[[email protected] opt]$

Step 2) Deploy private registry as deployment via yaml file

On your master node, create a private-registry.yaml file with the following contents

[[email protected] ~]$ mkdir docker-repo
[[email protected] ~]$ cd docker-repo/
[[email protected] docker-repo]$ vi private-registry.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: private-repository-k8s
  labels:
    app: private-repository-k8s
spec:
  replicas: 1
  selector:
    matchLabels:
      app: private-repository-k8s
  template:
    metadata:
      labels:
        app: private-repository-k8s
    spec:
      volumes:
      - name: certs-vol
        hostPath:
          path: /opt/certs
          type: Directory
      - name: registry-vol
        hostPath:
          path: /opt/registry
          type: Directory

      containers:
        - image: registry:2
          name: private-repository-k8s
          imagePullPolicy: IfNotPresent
          env:
          - name: REGISTRY_HTTP_TLS_CERTIFICATE
            value: "/certs/registry.crt"
          - name: REGISTRY_HTTP_TLS_KEY
            value: "/certs/registry.key"
          ports:
            - containerPort: 5000
          volumeMounts:
          - name: certs-vol
            mountPath: /certs
          - name: registry-vol
            mountPath: /var/lib/registry

save and close the yaml file

Run the following kubectl command deploy the private registry using above created yaml file,

[[email protected] docker-repo]$ kubectl create -f private-registry.yaml
deployment.apps/private-repository-k8s created
[[email protected] docker-repo]$

Execute below kubectl commands to verify status of registry deployment and its pod.

[[email protected] ~]$ kubectl get deployments private-repository-k8s
NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
private-repository-k8s   1/1     1            1           3m32s
[[email protected] ~]$
[[email protected] ~]$ kubectl get pods | grep -i private-repo
private-repository-k8s-85cf76b9d7-qsjxq   1/1     Running   0          5m14s
[[email protected] ~]$

Perfect, above output confirms that registry has been deployed successfully, Now copy the registry certificate file to worker nodes and master node under the folder “/etc/pki/ca-trust/source/anchors“. Execute the following commands on master node and each worker nodes

$ sudo cp /opt/certs/registry.crt /etc/pki/ca-trust/source/anchors/
$ sudo update-ca-trust
$ sudo systemctl restart docker

Step 3) Expose registry deployment as a nodeport service type

To expose registry deployment as a nodeport service type, create the following yaml file with the beneath contents,

[[email protected] ~]$ cd docker-repo/
[[email protected] docker-repo]$ vi private-registry-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: private-repository-k8s
  name: private-repository-k8s
spec:
  ports:
  - port: 5000
    nodePort: 31320
    protocol: TCP
    targetPort: 5000
  selector:
    app: private-repository-k8s
  type: NodePort

save and close the file.

Now deploy the service by running following kubectl command,

[[email protected] docker-repo]$ kubectl create -f private-registry-svc.yaml
service/private-repository-k8s created
[[email protected] docker-repo]$

Run below kubectl command to verify the service status,

[[email protected] ~]$ kubectl get svc private-repository-k8s
NAME                     TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
private-repository-k8s   NodePort   10.100.113.39   <none>        5000:31320/TCP   2m1s
[[email protected] ~]$

Step 4) Test and Use private docker registry in k8s

To test private registry, we will download nginx image locally and then will upload that image to private registry, from the master node run the following set of commands,

[[email protected] ~]$ sudo docker pull nginx
[[email protected] ~]$ sudo docker tag nginx:latest k8s-master:31320/nginx:1.17
[[email protected] ~]$ sudo docker push k8s-master:31320/nginx:1.17

Output of above command would like below:

Run below docker command to verify whether nginx is uploaded to private repository or not.

[[email protected] ~]$ sudo docker image ls | grep -i nginx
nginx                                latest              7e4d58f0e5f3        2 weeks ago         133MB
k8s-master:31320/nginx               1.17                7e4d58f0e5f3        2 weeks ago         133MB
[[email protected] ~]$

Now, let’s deploy a nginx based deployment and in the yaml file specify the image’s path as our private docker registry. Example is shown below:

[[email protected] ~]$ vi nginx-test-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-test-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-1-17
        image: k8s-master:31320/nginx:1.17
        ports:
        - containerPort: 80

Save and Close the file

Run following kubectl commands,

[[email protected] ~]$ kubectl create -f nginx-test-deployment.yaml
deployment.apps/nginx-test-deployment created
[[email protected] ~]$ kubectl get deployments  nginx-test-deployment
NAME                    READY   UP-TO-DATE   AVAILABLE   AGE
nginx-test-deployment   3/3     3            3           13s
[[email protected] ~]$
[[email protected] ~]$ kubectl get  pods | grep nginx-test-deployment
nginx-test-deployment-f488694b5-2rvmv     1/1     Running   0          80s
nginx-test-deployment-f488694b5-8kb6c     1/1     Running   0          80s
nginx-test-deployment-f488694b5-dgcxl     1/1     Running   0          80s
[[email protected] ~]$

Try to describe any pod using ‘kubectl describe‘ command and verify image path

[[email protected] ~]$ kubectl describe pod nginx-test-deployment-f488694b5-2rvmv

Output of above command would be,

Above output confirms that container’s image path is our private docker registry, so it means nginx image has been downloaded from private registry. That’s all from this article, I hope these steps help you to setup private docker registry on your Kubernetes cluster. Please do share your feedback and comments in the comments section below.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest article

Acer Chromebook: Acer launches Chromebook Spin 513 and Halo smart speaker

Acer has launched its first Chromebook powered by the Qualcomm Snapdragon 7c compute platform – the Acer Chromebook Spin 513...

Huawei Mate 40: Huawei unveils the Mate 40 Pro and Pro+ smartphones

Huawei has bolstered its product line-up with the Mate 40 Series flagship smartphones--the Mate 40 Pro and the Mate 40 Pro+....

Flipkart: Flipkart, Reliance Jio deals push VC inflows to $3.6 billion in September quarter : Report – Latest News

Despite the pandemic-driven recession, venture capitalists continued to invest dollars into the country with September quarter seeing investment inflows more than doubling to USD...

google: Google has undermined competition, says South Korean antitrust chief – Latest News

South Korea's antitrust chief said on Thursday the agency believes US search engine giant Google has undermined competition, adding that the agency plans to...

apple: Apple expands Express retail store format ahead of holiday season – Latest News

Apple is expanding a new physical store format as it tries to get iPhone 12 models into customers' hands, its retail chief told Reuters...