Kubernetes: Docker Private Registry

We know the importance of a private registry, especially in an air-gapped environment where the main systems are not allowed, or not desired, to connect to the internet.

Today we will see how to set up a private registry easily and then use it for our application deployments and upgrades.

Pre-Requisites

  • Machine with Docker Installed
  • Approximately 200 GB of disk space (this depends on the images that you want to keep, but I would start with a decent amount of disk space).
  • Good Connection to Internet

Steps

Install Package and Dependencies

Install Docker and Apache Utils

In SUSE and OpenSUSE:
#zypper -n in docker apache2-utils

In Ubuntu (with Docker's apt repository configured):
#apt-get install docker-ce apache2-utils -y

Start and Enable Docker Service

#systemctl start docker.service && systemctl enable docker.service

Setup Authentication

Create Directories for Auth and Certs

#mkdir -p ~/private-registry/auth && mkdir ~/private-registry/certs 

Create Self-Signed Certificates – (Modify the hostname and other parts of the command accordingly)

#cd ~/private-registry/certs && openssl genrsa 2048 > domain.key && chmod 400 domain.key

#openssl req -newkey rsa:4096 -nodes -sha256 -keyout domain.key \
-addext "subjectAltName = DNS:privreg.demolabs.com" -x509 -days 365 -out domain.crt

To authenticate through the Docker client, the certificate must be placed under Docker's certificate directory.

So create the certificate directory and copy the “.crt” file into it.

#mkdir -p /etc/docker/certs.d/privreg.demolabs.com:443
#cd /etc/docker/certs.d/privreg.demolabs.com:443
#cp -prav /root/private-registry/certs/domain.crt . 

Start the registry container – (Make relevant changes accordingly)

#cd /root/private-registry
#docker run -d --restart=always --name private-registry2 \
-v "$(pwd)/auth":/auth \
-v "$(pwd)/certs":/certs \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM="Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/passwd-file \
-e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key -p 443:443 registry:2
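
The docker run command above mounts auth/passwd-file and the two files under certs/, so it is worth checking them before the container starts. The following is an added example, not part of the original post: add_registry_user and registry_preflight are hypothetical helper names, the paths come from the commands above, and the bcrypt check reflects the registry's htpasswd backend, which ignores entries hashed any other way.

```bash
#!/usr/bin/env bash
# Added example. Assumed layout (taken from the page's commands):
#   <base>/auth/passwd-file   <base>/certs/domain.crt   <base>/certs/domain.key

# Create or update a user with a bcrypt hash (-B); -c is used only for a new file.
# htpasswd prompts for the password, so it never lands in shell history.
add_registry_user() {  # usage: add_registry_user <base-dir> <user>
    local file="$1/auth/passwd-file"
    if [ -e "$file" ]; then htpasswd -B "$file" "$2"; else htpasswd -Bc "$file" "$2"; fi
    chmod 600 "$file"
}

# Return 0 when <base-dir> is ready for docker run; otherwise report each problem, return 1.
registry_preflight() {  # usage: registry_preflight <base-dir>
    local base="$1" rc=0 f line user hash
    for f in auth/passwd-file certs/domain.crt certs/domain.key; do
        [ -s "$base/$f" ] || { echo "missing or empty: $base/$f" >&2; rc=1; }
    done
    # Every entry must carry a bcrypt prefix ($2y$, $2a$ or $2b$).
    if [ -s "$base/auth/passwd-file" ]; then
        while IFS= read -r line || [ -n "$line" ]; do
            [ -z "$line" ] && continue
            user="${line%%:*}"; hash="${line#*:}"
            case "$hash" in
                '$2y$'*|'$2a$'*|'$2b$'*) ;;
                *) echo "user '$user': not bcrypt, recreate with htpasswd -B" >&2; rc=1 ;;
            esac
        done < "$base/auth/passwd-file"
    fi
    # The TLS private key must not be accessible to group or others.
    if [ -e "$base/certs/domain.key" ]; then
        case "$(ls -ld "$base/certs/domain.key" | cut -c5-10)" in
            ------) ;;
            *) echo "domain.key is open to group/others, chmod 400 it" >&2; rc=1 ;;
        esac
    fi
    return "$rc"
}
```

Run add_registry_user /root/private-registry registry-user once, then registry_preflight /root/private-registry before the docker run step.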

Login to Registry and Validate

#docker login -u registry-user https://privreg.demolabs.com:443

Conclusion

We saw how easy it is to deploy a private registry. Next we will see how we can populate it with our required images and use it in deployments. So stay tuned.
