I deployed a private Docker registry with TLS, following the guide at https://www.nearform.com/blog/how-to-run-a-public-docker-registry-in-kubernetes/, but I could not get it to pass the test. I am stumped. Any suggestions or tutorials?
definition of issuer:
[root@qmtjj-01 ~]# cat issuer.yaml
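# cert-manager Issuer that obtains certificates from Let's Encrypt via ACME.
# Nesting restored: the listing as posted had lost its indentation.
#
# NOTE(review): certmanager.k8s.io/v1alpha1 is the API group of early
# cert-manager releases; v0.11 and later use the cert-manager.io group, so this
# manifest only applies to a cluster running a matching old cert-manager.
apiVersion: certmanager.k8s.io/v1alpha1
# A namespaced Issuer (not a ClusterIssuer): it can only be referenced from
# Certificates/Ingresses in the same namespace.
kind: Issuer
metadata:
  name: acme-issuer
spec:
  acme:
    # Contact address registered with the ACME account.
    email: gw5588975@gmail.com
    # Let's Encrypt production endpoint, which is rate limited. While debugging,
    # the staging directory
    # (https://acme-staging-v02.api.letsencrypt.org/directory) avoids using up
    # the production quota on failed attempts.
    server: https://acme-v02.api.letsencrypt.org/directory
    # Secret that holds the ACME account private key; read access to it should
    # be limited by RBAC.
    privateKeySecretRef:
      name: acme-issuer-account-key
    # Enables the HTTP-01 solver (old issuer-level format). HTTP-01 only
    # succeeds if the CA can reach
    # http://<host>/.well-known/acme-challenge/... on port 80 from the public
    # internet.
    http01: {}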
[root@qmtjj-01 ~]#
definition of service:
[root@qmtjj-01 ~]# cat service_Docker_Registry.yaml
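# Service in front of the registry Pod. Nesting restored: the listing as posted
# had lost its indentation.
apiVersion: v1
kind: Service
metadata:
  name: docker-registry
spec:
  # ClusterIP keeps port 5000 reachable only inside the cluster, so outside
  # traffic has to come through the TLS-terminating Ingress.
  # NOTE(review): the `kubectl get svc` output further down this page lists
  # docker-registry as type LoadBalancer with an external IP on 5000, which
  # does not match this manifest. If that is the same Service, the registry's
  # plain-HTTP port (with basic auth) is reachable without TLS on that path;
  # re-applying this manifest or checking `kubectl get svc docker-registry -o yaml`
  # would confirm which definition is live.
  type: ClusterIP
  ports:
  - name: http
    protocol: TCP
    port: 5000
    targetPort: 5000
  # Must match the Pod's `name: docker-registry` label.
  selector:
    name: docker-registry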
[root@qmtjj-01 ~]#
definition of authentication :
cat htpasswd.yaml
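# Secret carrying the htpasswd file the registry uses for basic auth.
# Nesting restored: the listing as posted had lost its indentation.
apiVersion: v1
kind: Secret
metadata:
  name: docker-registry
type: Opaque
data:
  # Values under `data` are base64-encoded, not encrypted: anyone who can read
  # this manifest (or the Secret via the API) can recover the htpasswd line.
  # The visible prefix decodes to a user name followed by a bcrypt `$2y$05$`
  # hash; the registry's htpasswd auth accepts bcrypt hashes only.
  # NOTE(review): the value as posted is 42 characters, which is not a valid
  # base64 length, so it appears to have been truncated for the post and would
  # not apply as-is. A higher bcrypt cost than 05 slows offline guessing if the
  # hash is ever exposed. Keep real values out of posts and version control.
  HTPASSWD: YWRtaW46JDJ5JDA1JHRGdFo3UWJEQ0lIZDVEWHhKWl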
definition of ingress:
cat ingress_docker_registry.yaml
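# Ingress that terminates TLS for registry.mydomain.com and forwards to the
# docker-registry Service. Nesting restored: the listing as posted had lost its
# indentation.
#
# NOTE(review): extensions/v1beta1 Ingress was removed in Kubernetes 1.22; this
# manifest only applies to older clusters.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: docker-registry
  annotations:
    kubernetes.io/ingress.class: nginx
    # "0" disables the request body size limit at nginx so large image layers
    # can be pushed; it also means the ingress no longer caps upload size.
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
    # Asks cert-manager to create a Certificate for the `tls` entry below.
    # NOTE(review): this page also defines a standalone Certificate that writes
    # to the same secretName; presumably only one of the two is needed, and
    # having both may leave two Certificate resources managing one Secret.
    certmanager.k8s.io/issuer: acme-issuer
spec:
  tls:
  - hosts:
    - registry.mydomain.com
    # Secret the ingress controller reads the certificate and key from.
    secretName: docker-registry-tls-certificate
  rules:
  - host: registry.mydomain.com
    http:
      paths:
      # No `path` given, so every request for this host goes to the registry.
      - backend:
          serviceName: docker-registry
          servicePort: 5000
# `status` is written by the cluster, not by the user. The empty entry matches
# the blank ADDRESS column in the `kubectl get ingress` output on this page.
status:
  loadBalancer:
    ingress:
    - {}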
definition of pod:
[root@qmtjj-01 ~]# cat Docker_Registry_Pod_definition.yaml
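# Registry Pod: mounts the config file, the htpasswd file and a storage volume.
# Nesting restored: the listing as posted had lost its indentation.
#
# This is a bare Pod, not a Deployment/StatefulSet, so nothing recreates it if
# it is deleted or its node goes away. No securityContext or resource limits
# are set.
apiVersion: v1
kind: Pod
metadata:
  name: docker-registry
  labels:
    # Label the Service selector matches on.
    name: docker-registry
spec:
  volumes:
  # Registry configuration, projected from the ConfigMap as config.yml.
  - name: config
    configMap:
      name: docker-registry
      items:
      - key: registry-config.yml
        path: config.yml
  # htpasswd file, projected from the Secret's HTPASSWD key.
  - name: htpasswd
    secret:
      secretName: docker-registry
      items:
      - key: HTPASSWD
        path: htpasswd
  # emptyDir lives only as long as the Pod stays on its node: pushed images
  # are lost when the Pod is removed.
  - name: storage
    emptyDir: {}
  containers:
  - name: docker-registry
    # NOTE(review): 2.6.2 is an old registry release and the tag is mutable;
    # confirm whether a newer release applies and consider pinning by digest.
    image: registry:2.6.2
    imagePullPolicy: IfNotPresent
    ports:
    - name: http
      containerPort: 5000
      protocol: TCP
    volumeMounts:
    - name: config
      mountPath: /etc/docker/registry
      readOnly: true
    # Read-only mount: the container cannot alter the credential file.
    - name: htpasswd
      mountPath: /auth
      readOnly: true
    - name: storage
      mountPath: /var/lib/registry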
[root@qmtjj-01 ~]# cat Configuration_Docker_Registry.yaml
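# ConfigMap holding the registry's config file. Nesting restored: the listing
# as posted had lost its indentation.
#
# Points a reader should know about the embedded config (kept outside the block
# scalar so the config file content itself is unchanged):
#  - `http` has no `tls` section, so the registry serves plain HTTP on :5000
#    and relies entirely on the Ingress for TLS. Any route that reaches port
#    5000 directly carries basic-auth credentials unencrypted.
#  - `auth.htpasswd.path` is /auth/htpasswd, the file the Pod mounts from the
#    Secret; the registry accepts bcrypt hashes only in that file.
#  - `storage.filesystem.rootdirectory` is /var/lib/registry, which the Pod
#    backs with an emptyDir volume.
apiVersion: v1
kind: ConfigMap
metadata:
  name: docker-registry
data:
  registry-config.yml: |
    version: 0.1
    log:
      fields:
        service: registry
    storage:
      cache:
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
    http:
      addr: :5000
      headers:
        X-Content-Type-Options: [nosniff]
    auth:
      htpasswd:
        realm: basic-realm
        path: /auth/htpasswd
    health:
      storagedriver:
        enabled: true
        interval: 10s
        threshold: 3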
[root@qmtjj-01 ~]#
cat registry.mydomain.com
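# cert-manager Certificate requesting a Let's Encrypt certificate for
# registry.mydomain.com. Nesting restored: the listing as posted had lost its
# indentation.
#
# NOTE(review): certmanager.k8s.io/v1alpha1 and the `acme.config` stanza are
# the format of early cert-manager releases; newer releases use the
# cert-manager.io API group and configure solvers on the Issuer.
apiVersion: certmanager.k8s.io/v1alpha1
kind: Certificate
metadata:
  name: docker-registry
spec:
  # Secret the issued certificate and key are written to; the Ingress `tls`
  # entry on this page reads the same name.
  secretName: docker-registry-tls-certificate
  issuerRef:
    # Refers to a namespaced Issuer, so it must exist in this namespace.
    name: acme-issuer
  dnsNames:
  - registry.mydomain.com
  acme:
    config:
    # HTTP-01 validation through the nginx ingress class.
    # NOTE(review): HTTP-01 needs the host name to resolve publicly to the
    # ingress controller and port 80 to be reachable by the CA. The controller's
    # EXTERNAL-IP in the `kubectl get svc` output on this page (172.24.1.171) is
    # in private address space, so validation will fail unless a public address
    # forwards to it; `kubectl describe certificate docker-registry` should
    # show the failing step.
    - http01:
        ingressClass: nginx
      domains:
      - registry.mydomain.com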
[root@qmtjj-01 ~]# cat service_Docker_Registry.yaml
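# Service in front of the registry Pod (second listing of the same file).
# Nesting restored: the listing as posted had lost its indentation.
apiVersion: v1
kind: Service
metadata:
  name: docker-registry
spec:
  # NOTE(review): this says ClusterIP, but the `kubectl get svc` output below
  # reports docker-registry as LoadBalancer with an external IP on port 5000.
  # If that is the live object, port 5000 is exposed directly, bypassing the
  # Ingress and its TLS.
  type: ClusterIP
  ports:
  - name: http
    protocol: TCP
    port: 5000
    targetPort: 5000
  # Must match the Pod's `name: docker-registry` label.
  selector:
    name: docker-registry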
running status:
[root@qmtjj-01 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
busybox-bd8fb7cbd-wgvzj 1/1 Running 599 25d
docker-registry 1/1 Running 0 2d20h
my-nginx-nginx-ingress-controller-565bc9555b-bqfr7 1/1 Running 0 20d
my-nginx-nginx-ingress-default-backend-5bcb65f5f4-6ldk6 1/1 Running 2 20d
nginx-cdd8d77b-m7c5q 1/1 Running 0 14d
[root@qmtjj-01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
docker-registry LoadBalancer 10.32.0.112 172.24.1.173 5000:32249/TCP 2d20h
kubernetes ClusterIP 10.32.0.1 <none> 443/TCP 42d
my-nginx-nginx-ingress-controller LoadBalancer 10.32.0.209 172.24.1.171 80:30480/TCP,443:30571/TCP 20d
my-nginx-nginx-ingress-default-backend ClusterIP 10.32.0.30 <none> 80/TCP 20d
nginx LoadBalancer 10.32.0.180 172.24.1.172 80:30032/TCP 14d
[root@qmtjj-01 ~]# kubectl get ingre
error: the server doesn't have a resource type "ingre"
[root@qmtjj-01 ~]# kubectl get ingress
NAME HOSTS ADDRESS PORTS AGE
docker-registry registry.mydomain.com 80, 443 2d18h
test-ingress ingress1.stcn.com,ingress2.stcn.com,ingress.mydomain.com 80 19d
[root@qmtjj-01 ~]#