K
Q

Expose private Docker registry inside Kubernetes cluster at path `/registry`

3/25/2019

I have a private Docker registry inside a Kubernetes 1.13 cluster exposed by a Kubernetes NGINX ingress controller 0.23.0 and the following Ingress object:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$1
  name: my-name
  namespace: my-namespace
spec:
  rules:
  - host: my-domain
    http:
      paths:
      - backend:
          serviceName: registry
          servicePort: 5000
        path: /?(.*)
  tls:
  - hosts:
    - my-domain
    secretName: my-secret

This allows me to pull an existing image as follows:

docker image pull my-cluster/my-image

I would not now change the setup such that the registry is exposed at my-cluster/registry. How can this be done, and is it even possible?

Changing path to /registry/?(.*) did not do the trick. docker login my-cluster/registry now produces the following error message and docker image pull my-cluster/registry/my-image also does not work. My current guess as to the root cause is that the registry also also use the prefix registry (as configured in the Ingress) for its internal redirects. If applicable, how can this be configured (preferably in the Ingress too)?

Error response from daemon: login attempt to https://my-cluster/v2/ failed with status: 404 Not Found
-- rookie099
docker-registry
kubernetes
kubernetes-ingress

Similar Questions

kubernetes local storage - no persistent volumes available for this claim and no storage class is set
Does Kubernetes support Docker CE on Linux?
interacting with redis-client pod on kubernetes
Resource Allocation in Kubernetes: How are pods scheduled?

2 Answers

4/8/2019

i have a similar issue, i'm trying to expose the registryui with nginx ingress on a /registry path.

first, I succeeded to expose with this configuration nginx :

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: registry-ingress
  namespace: devops
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/rewrite-target: /
    certmanager.k8s.io/cluster-issuer: letsencrypt-staging
    kubernetes.io/tls-acme: 'true'
spec:
  tls:
  - hosts:
    - registry.host.com
    secretName: letsencrypt-staging
  rules:
  - host: registry.host.com
    http:
      paths:
      - path: /
        backend:
          serviceName: registry-ui
          servicePort: 8080

on the other hand when I try expose the service with a path, I only have the home page that works, as I try to navigate in a sub page (a page of an image) I have a 404 error.

spec:
  tls:
  - hosts:
    - host.com
    secretName: letsencrypt-staging
  rules:
  - host: host.com
    http:
      paths:
      - path: /registry
        backend:
          serviceName: registry-ui
          servicePort: 8080

i wanted to know how did you come to the conclusion that it's impossible to have a host/regitry links working?

cordially thank you

-- Marouane Ayad
Source: StackOverflow
3/25/2019

I have now concluded that referring to a Docker registry by a URL-like location (such as my-cluster/registry) as opposed to a host-like location (such as my-cluster with an optional port) is not possible.

So I'll reserve a separate IP address and certificate for registry.my-cluster and proceed with that.

-- rookie099
Source: StackOverflow