[Raspberry Pi] Private Registry for K8s Cluster
By See Hiong
With your own Private Registry for Kubernetes Cluster, you can have full control over the docker registry and improve overall performance.
Private Registry on Kubernetes Cluster
(Total Setup Time: 10 mins)
Docker Registry is the official implementation for storing and distributing Docker images.
Preparing Private Registry
(5 mins)
First, create the self-signed certificate:
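mkdir -p certs
# Self-signed certificate and key for the registry. The SAN carries the registry
# hostname because recent Docker clients reject certificates that only set the CN.
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName = DNS:myregistrydomain.com" \
  -x509 -days 365 -out certs/domain.crt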
Second, install the certificate in the master node and all of your leaf nodes:
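# The certs.d directory name must match the registry host[:port] used in image
# names; this registry is published on 443, so the name carries no port suffix.
sudo mkdir -p /etc/docker/certs.d/myregistrydomain.com
sudo cp certs/domain.crt /etc/docker/certs.d/myregistrydomain.com/ca.crt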
sudo cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
sudo update-ca-certificates
sudo systemctl restart docker
Third, start the registry:
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 443:443 \
  registry:2
Using Private Registry
(5 mins)
First, following up with my previous Jenkins Maven Agents, I pushed them to the private registry:
docker tag dojocube/jenkins-agent:1.0 myregistrydomain.com/my-jenkins-agent
docker push myregistrydomain.com/my-jenkins-agent
docker pull myregistrydomain.com/my-jenkins-agent
Second, navigate to Jenkins > Configure Clouds, and change the docker image to the private registry:
Docker image: myregistrydomain.com/my-jenkins-agent
And that's it: the Private Registry on the Kubernetes Cluster is set up and ready for subsequent use.
Troubleshooting
Get https://myregistrydomain.com/v2/: read: connection reset by peer
For the leaf nodes to connect to myregistrydomain.com, you need to set up the hosts file:
sudo vi /etc/hosts
192.168.100.100 myregistrydomain.com
Get https://myregistrydomain.com/v2/: x509: certificate signed by unknown authority
For the docker version I am using, I need to trust the cert at the OS level:
sudo cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
sudo update-ca-certificates
sudo systemctl restart docker
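A per-node preflight for the two failures above, as an added example that is not part of the original post: it checks that the hosts file maps the registry name and that both installed certificate copies are identical to the registry's current certificate. The function names and the CERTS_D, OS_CA_DIR and HOSTS_FILE variables are illustrative, and it assumes nodes resolve the registry through the hosts file, as in this setup.

```shell
#!/bin/sh
# Added example (not from the original post). Function and variable names are
# illustrative; paths default to the ones used in the steps above.
CERTS_D="${CERTS_D:-/etc/docker/certs.d}"
OS_CA_DIR="${OS_CA_DIR:-/usr/local/share/ca-certificates}"
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"

# registry_of IMAGE: print the host[:port] Docker contacts for IMAGE. The first
# path component names a registry only if it has "." or ":" or is "localhost".
registry_of() {
    case "$1" in */*) ;; *) echo docker.io; return ;; esac
    first=${1%%/*}
    case "$first" in
        localhost|*.*|*:*) echo "$first" ;;
        *) echo docker.io ;;
    esac
}

# ca_path_for IMAGE: where Docker looks for that registry's CA. The directory
# name must equal host[:port] exactly as it appears in the image name.
ca_path_for() { echo "$CERTS_D/$(registry_of "$1")/ca.crt"; }

# hosts_has NAME: succeed if HOSTS_FILE maps an address to NAME.
hosts_has() {
    awk -v n="$1" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit !found }' "$HOSTS_FILE"
}

# preflight IMAGE CERT: print one line per problem, return the problem count.
preflight() {
    reg=$(registry_of "$1"); host=${reg%%:*}; n=0
    hosts_has "$host" || { echo "no entry for $host in $HOSTS_FILE"; n=$((n+1)); }
    for copy in "$(ca_path_for "$1")" "$OS_CA_DIR/$host.crt"; do
        # cmp fails when the copy is missing or is a stale certificate
        cmp -s "$2" "$copy" 2>/dev/null ||
            { echo "missing or stale: $copy"; n=$((n+1)); }
    done
    return "$n"
}

# Stand-alone use: sh preflight.sh IMAGE CERT
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it on each node with the image name and the path to certs/domain.crt; a non-zero exit status is the number of problems found.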