TL;DR: Deploy a private docker registry in just 5 minutes!
Why your own private registry?
The main reason is for privacy.
If your are working with private code, you need to use a private registry. Among the available options we have Docker Hub, Azure Container Registry, GitLab … and your cluster!
Other reason is the flexibility.
I prefer my own registry in my cluster because we use a lot of containers for our DevOps cycle: testing, pipelines, etc. If you use a cheap cloud provider for the storage in the cluster, you have a private registry with endless possibilities.
- A Kubernetes cluster managed by Rancher.
If you haven’t it, use the following post to create one in just 15 minutes.
How to create a Kubernetes cluster with Rancher on Hetzner
TL;DR: In 15 minutes you can have a lab cluster ready to test or to deploy your projects cheap and easily.
- Cert-manager installed in the cluster.
Not already? No problem, follow this guideline
Free SSL certificate for your Kubernetes cluster with Rancher
Thanks to Let’s encrypt we can create SSL certificates for our HTTPS or TLS services for.. FREE!
- A domain/subdomain to use for your registry.
- 5 minutes? Do you have it? Great, let’s go!
1. Redirect your domain
I don’t like to remember IP addresses. And you?
We’ll use the subdomain “registry.company.com” for our registry.
You need to enter in your domain provider portal where the domain “company.com” was registered and add a A DNS record or CNAME record.
The IP address or CNAME domain/subdomain must point to your load balancer IP in your cluster.
Made the association, it is only a matter of minutes that it is already ready.
You can check it with “nslookup” CLI tool. For example, if we associate the IP 18.104.22.168 to “registry.company.com”, we obtain an output like the following.
% nslookup registry.company.com
Address: 192.168.1.1#53Non-authoritative answer:
2. Install Docker Registry
Enter in your Rancher panel and go to your cluster. Then, access to the namespace where you will create the registry. For example, “default”.
Click in “App” and then in the “Launch” button.
Search for the “docker-registry” app.
Select it to prepare the installation.
We use the following settings:
- Name: docker-registry
- Namespace: default
- Secret settings. Here we need to specify a “htpasswd” format user:secret. In our example, we create the user “admin” with the password “itsasecret”.
You can get it with the following command. Put the output (admin:$2…10K) in the field “Docker Registry Htpasswd Authentication”
% docker run --rm --entrypoint htpasswd registry:2 -Bbn admin itsasecret
- Check “Persistent Volume Enabled” for use an external volume. In our case, we use Hetzner storage class “hcloud-volumes” as “Default StorageClass for Docker Registry”. About the size of the image, use 50GB for example.
- In “Services and load balancing”, just select “ClusterIP” for “Docker Registry Service Type”. We setup the load balancer in the next step.
All right! Just press on “Launch” and wait until the pod is running.
3. Setup the ingress
Right now our container only works internally in our cluster.
We’ll specify a nginx-ingress to access it from everywhere.
Here the keys are in:
- Cert-manager annotation for request a “Let’s Encrypt” free TLS certificate.
- TLS options for store the certificate and specify the domain
- Service settings: service name and port.
We apply it
% kubectl apply -f ingress-docker-registry.yaml
4. Upload your first image
Ready to test your docker registry?
We use the “hello-world” docker container.
First, we need to login to your registry with the credentials. In our example: admin / itsasecret.
% docker login registry.company.com
Before upload, we get the image.
% docker pull hello-worldUsing default tag: latest
latest: Pulling from library/hello-world
0e03bdcc26d7: Pull complete
Status: Downloaded newer image for hello-world:latest
Now, we need to add a tag under our registry domain.
% docker tag hello-world:latest registry.compamy.com/hello-world:latest
The real test, the “push it!”
% docker push registry.company.com/hello-world:latest
The push refers to repository [registry.company.com/hello-world]
latest: digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042 size: 525
Voilá! Your own private docker registry works!
Please, if you liked it, give it a round of applause. And if you want to know more about DevOps, Kubernetes, Docker, etc … follow me! KR