Private Registry for K8s Cluster
With your own private registry for a Kubernetes cluster, you have full control over the Docker registry and can improve overall performance.
Private Registry on Kubernetes Cluster
(Total Setup Time: 10 mins)
Docker Registry is the official implementation for storing and distributing Docker images.
Preparing Private Registry
(5 mins)
First, create the self-signed certificate:
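mkdir -p certs
# Name the registry host in both CN and subjectAltName; current Docker
# releases verify the host against the SAN (-addext needs OpenSSL 1.1.1+).
openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -subj "/CN=myregistrydomain.com" \
  -addext "subjectAltName=DNS:myregistrydomain.com" \
  -x509 -days 365 -out certs/domain.crt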
Second, install the certificate on the master node and all of your leaf nodes:
# Docker looks for the CA under certs.d/<host>[:port] as written in the image
# reference; the registry below listens on 443, so the directory has no port.
sudo mkdir -p /etc/docker/certs.d/myregistrydomain.com
sudo cp certs/domain.crt /etc/docker/certs.d/myregistrydomain.com/ca.crt
sudo cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
sudo update-ca-certificates
sudo systemctl restart docker
Third, start and deploy the registry:
docker run -d \
--restart=always \
--name registry \
-v "$(pwd)"/certs:/certs \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
-p 443:443 \
registry:2
Using Private Registry
(5 mins)
First, following up with my previous Jenkins Maven Agents, I pushed them to the private registry:
docker tag seehiong/jenkins-agent:1.0 myregistrydomain.com/my-jenkins-agent
docker push myregistrydomain.com/my-jenkins-agent
docker pull myregistrydomain.com/my-jenkins-agent
Second, navigate to Jenkins > Configure Clouds, and change the docker image to the private registry:
Docker image: myregistrydomain.com/my-jenkins-agent
And that’s it, the Private Registry on Kubernetes Cluster is set up properly for subsequent use.
Troubleshooting
Get https://myregistrydomain.com/v2/: read: connection reset by peer
For the leaf nodes to connect to myregistrydomain.com, you need to add the registry to each node's hosts file:
sudo vi /etc/hosts
192.168.100.100 myregistrydomain.com
Get https://myregistrydomain.com/v2/: x509: certificate signed by unknown authority
For the docker version I am using, I need to trust the cert at the OS level:
sudo cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
sudo update-ca-certificates
sudo systemctl restart docker
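When a node reports the x509 error above, one thing to check is whether the CA file sits in the directory Docker actually consults, which is named after the host[:port] part of the image reference. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes the default /etc/docker/certs.d root and does not handle IPv6 literal hosts.

```shell
#!/bin/sh
# Added example: find where Docker expects a private registry's CA file.

# registry_host IMAGE: print the host[:port] part of an image reference.
# Returns 1 when the reference names no registry (a Docker Hub image).
registry_host() {
    rh_first=${1%%/*}
    # No slash at all, e.g. "ubuntu:22.04": Docker Hub image.
    if [ "$rh_first" = "$1" ]; then return 1; fi
    case $rh_first in
        # A first component is a registry host if it is "localhost"
        # or contains a dot or a colon.
        localhost|*.*|*:*) printf '%s\n' "$rh_first" ;;
        *) return 1 ;;
    esac
}

# ca_path IMAGE [ROOT]: print the ca.crt path Docker will look up.
ca_path() {
    cp_host=$(registry_host "$1") || return 1
    printf '%s/%s/ca.crt\n' "${2:-/etc/docker/certs.d}" "$cp_host"
}

# check_node_trust IMAGE [ROOT]
#   0: CA file is in place
#   1: CA file missing; lists same-host directories that do hold a CA
#   2: image reference has no private registry part
check_node_trust() {
    ct_root=${2:-/etc/docker/certs.d}
    if ! ct_want=$(ca_path "$1" "$ct_root"); then
        echo "no private registry in: $1"
        return 2
    fi
    if [ -f "$ct_want" ]; then
        echo "ok: $ct_want"
        return 0
    fi
    echo "missing: $ct_want"
    ct_host=$(registry_host "$1")
    ct_name=${ct_host%%:*}
    # Near misses: same host, CA installed under another port.
    for ct_dir in "$ct_root/$ct_name" "$ct_root/$ct_name":*; do
        if [ -f "$ct_dir/ca.crt" ]; then
            echo "  CA found under $ct_dir (not the directory for this image)"
        fi
    done
    return 1
}
```

Run `check_node_trust myregistrydomain.com/my-jenkins-agent` on each node after sourcing the file; a non-zero exit with a near-miss line means the certificate was copied under a port the image reference does not use.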