
Mohamed M El-Kalioby

Running Private Docker Registry for Kubernetes

As you work with Kubernetes, you will need a private Docker registry to upload your images to before deploying them on Kubernetes. This post summarizes the steps.

Note: You need a domain and a certificate from Let's Encrypt. The example domain is reg.example.com.

The files are on GitHub in the repo below.

mkalioby / docker-reg-k8s

Run Docker registry for K8s

  1. Install Apache2

    sudo apt install apache2
    
  2. Create persistent storage at /data on all nodes (based on the storageClass you prefer; the deployment uses hostPath)

  3. Create a passwd file in /data

    htpasswd -Bc /data/passwd username
    

    Enter the password twice

  4. Create the directory /data/registry

    mkdir /data/registry
    
  5. Apply the deployment

    kubectl apply -f registry_deployment.yaml
    

    You can use the file below

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: registry
      name: registry
      namespace: default
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: registry
      template:
        metadata:
          labels:
            app: registry
        spec:
          containers:
            - env:
                # Require HTTP basic auth, checked against the htpasswd file from step 3
                - name: REGISTRY_AUTH
                  value: htpasswd
                - name: REGISTRY_AUTH_HTPASSWD_REALM
                  value: Registry
                - name: REGISTRY_AUTH_HTPASSWD_PATH
                  value: /auth/passwd
              image: registry:2
              name: registry
              ports:
                - containerPort: 5000
                  protocol: TCP
              volumeMounts:
                # registry:2 stores image data under /var/lib/registry by default,
                # so the persistent directory has to be mounted there
                - mountPath: /var/lib/registry
                  name: registry-data
                - mountPath: /auth/passwd
                  name: passwd
          restartPolicy: Always
          volumes:
            # Image storage on the node (step 4)
            - hostPath:
                path: /data/registry/
                type: Directory
              name: registry-data
            # htpasswd file on the node (step 3)
            - hostPath:
                path: /data/passwd
                type: File
              name: passwd
    
  6. Expose the service with NodePort

    kubectl expose deployment registry --type NodePort
    

    Make sure that CLUSTERIP/v2 works

  7. Proxy from Apache to the NodePort

  8. Enable the headers module

    a2enmod headers
    
  9. Generate a certificate from Let's Encrypt and set it to always redirect to HTTPS

  10. Add the following to the SSL config for your domain

    Header add X-Forwarded-Proto "https"
    RequestHeader add X-Forwarded-Proto "https"
    
  11. Now log in to the Docker registry

    docker login https://reg.example.com
    

    Enter the username and password.

  12. Now build your image and push to the private repo

    docker build -t reg.example.com/test:v1.0 . 
    docker push reg.example.com/test:v1.0
    
  13. Add your docker credentials to Kubernetes

    kubectl create secret generic regcred --from-file=.dockerconfigjson=$HOME/.docker/config.json --type=kubernetes.io/dockerconfigjson
    
  14. Create a deployment with the image from the private repo

    spec:
      containers:
      - name: test
        image: reg.example.com/test:v1.0
        ports:
        - containerPort: 80
      imagePullSecrets:
      - name: regcred
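
Step 13 uploads the whole ~/.docker/config.json, which carries every registry login stored on that machine and holds no usable credential when Docker keeps logins in a credential helper. The added example below (not from the original post or its repository) builds a regcred Secret manifest containing only the reg.example.com entry; the function name scoped_pull_secret and the sample credentials are constructed for illustration.

```python
import base64
import json

# Constructed sample of ~/.docker/config.json after logging in to two registries.
SAMPLE_CONFIG = {
    "auths": {
        "https://reg.example.com": {"auth": base64.b64encode(b"ci-user:s3cret").decode()},
        "https://index.docker.io/v1/": {"auth": base64.b64encode(b"me:hub-token").decode()},
    }
}


def _host(key):
    """Reduce an auths key such as 'https://reg.example.com/' to its host."""
    return key.split("://", 1)[-1].split("/", 1)[0].lower()


def scoped_pull_secret(docker_config, registry, name="regcred", namespace="default"):
    """Return a dockerconfigjson Secret manifest holding only `registry`'s login."""
    wanted = _host(registry)
    entry = next((v for k, v in docker_config.get("auths", {}).items()
                  if _host(k) == wanted), None)
    if entry is None:
        raise LookupError(f"no login for {wanted}; run docker login first")
    auth = entry.get("auth", "")
    if not auth:
        # With credsStore/credHelpers the file holds an empty entry, so a
        # Secret built from it would never authenticate an image pull.
        raise ValueError(f"{wanted}: credentials are in a credential helper, not config.json")
    user, sep, password = base64.b64decode(auth).decode().partition(":")
    if not (user and sep and password):
        raise ValueError(f"{wanted}: auth field is not base64 'user:password'")
    scoped = json.dumps({"auths": {wanted: {"auth": auth}}})
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": name, "namespace": namespace},
        "data": {".dockerconfigjson": base64.b64encode(scoped.encode()).decode()},
    }


if __name__ == "__main__":
    # The printed JSON is a manifest that can be piped to: kubectl apply -f -
    print(json.dumps(scoped_pull_secret(SAMPLE_CONFIG, "reg.example.com"), indent=2))
```

kubectl create secret docker-registry builds the same type of Secret directly from a server, username and password given on the command line.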
    
