I am trying to deploy a private docker registry on Kubernetes using the official Docker image for the registry. However, I am getting some warnings on the deployment and also I am not able to access it in the pod.
The output from the registry container:
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_PORT"
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_PORT_5000_TCP"
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_PORT_5000_TCP_ADDR"
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_PORT_5000_TCP_PORT"
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_PORT_5000_TCP_PROTO"
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_SERVICE_HOST"
time="2019-04-12T18:40:21Z" level=warning msg="Ignoring unrecognized environment variable REGISTRY_SERVICE_PORT"
time="2019-04-12T18:40:21.145278902Z" level=warning msg="No HTTP secret provided - generated random secret. This may cause problems with uploads if multiple registries are behind a load-balancer. To provide a shared secret, fill in http.secret in the configuration file or set the REGISTRY_HTTP_SECRET environment variable." go.version=go1.11.2 instance.id=988660e4-d4b9-4d21-a42e-c60c82d00a73 service=registry version=v2.7.1
time="2019-04-12T18:40:21.145343563Z" level=info msg="redis not configured" go.version=go1.11.2 instance.id=988660e4-d4b9-4d21-a42e-c60c82d00a73 service=registry version=v2.7.1
time="2019-04-12T18:40:21.149771291Z" level=info msg="Starting upload purge in 2m0s" go.version=go1.11.2 instance.id=988660e4-d4b9-4d21-a42e-c60c82d00a73 service=registry version=v2.7.1
time="2019-04-12T18:40:21.163063574Z" level=info msg="using inmemory blob descriptor cache" go.version=go1.11.2 instance.id=988660e4-d4b9-4d21-a42e-c60c82d00a73 service=registry version=v2.7.1
time="2019-04-12T18:40:21.163689856Z" level=info msg="listening on [::]:5000" go.version=go1.11.2 instance.id=988660e4-d4b9-4d21-a42e-c60c82d00a73 service=registry version=v2.7.1
The yaml files for the deployment on Kubernetes:
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry
  namespace: docker
spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: registry
    spec:
      containers:
      - resources:
        name: registry
        image: registry:2
        ports:
        - containerPort: 5000
        volumeMounts:
        - mountPath: /var/lib/registry
          name: images
      volumes:
      - name: images
        hostPath:
          path: /mnt/nfs/docker-local-registry/images
      nodeSelector:
        name: master
---
apiVersion: v1
kind: Service
metadata:
  name: registry
  namespace: docker
spec:
  ports:
  - port: 5000
    targetPort: 5000
  selector:
    name: registry
Even if I ignore those warnings, accessing the registry at pod level with registry.docker:5000/image_name and registry.docker.svc.cluster.local/image_name won't work because the host cannot be resolved. I don't want the registry exposed. All I want is for pods to be able to pull the images from there.
Seems like you packed the registry image into the deployment without checking the requirements. Using your deployment I ran into the same error. After some time trying to pack it up correctly and reading the requirements on Docker Hub, I found that this image requires some additional settings. You need to store your htpasswd, create certificates for HTPASSWD and create a directory for images. You will also need to specify env vars and create the corresponding paths in the containers:
REGISTRY_AUTH
REGISTRY_AUTH_HTPASSWD_REALM
REGISTRY_AUTH_HTPASSWD_PATH
REGISTRY_HTTP_TLS_CERTIFICATE
REGISTRY_HTTP_TLS_KEY
Here is a tutorial that I have used and successfully deployed the registry with. If you have problems, just update the question and I will try to assist. Also, this Medium article can give you some ideas (but beware, as the docker compose file needs some editing; it does not work in the form posted in the article).
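One way to wire the settings listed in this answer into the question's Deployment, as an added example that is not part of the original answer. The Secret names registry-auth and registry-tls, their key names, the mount paths and the realm string are assumptions; enableServiceLinks: false is added so Kubernetes stops injecting the REGISTRY_PORT_* and REGISTRY_SERVICE_* variables that the registry logs as unrecognized.

```yaml
# Added example. Secret names, key names, mount paths and realm are assumptions.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: docker
spec:
  replicas: 1
  selector:
    matchLabels:
      name: registry
  template:
    metadata:
      labels:
        name: registry
    spec:
      enableServiceLinks: false        # no docker-link style service env vars
      nodeSelector:
        name: master
      containers:
      - name: registry
        image: registry:2
        ports:
        - containerPort: 5000
        env:
        - {name: REGISTRY_AUTH, value: htpasswd}
        - {name: REGISTRY_AUTH_HTPASSWD_REALM, value: "Registry Realm"}
        - {name: REGISTRY_AUTH_HTPASSWD_PATH, value: /auth/htpasswd}
        - {name: REGISTRY_HTTP_TLS_CERTIFICATE, value: /certs/tls.crt}
        - {name: REGISTRY_HTTP_TLS_KEY, value: /certs/tls.key}
        - name: REGISTRY_HTTP_SECRET   # fixed value instead of a random one per start
          valueFrom:
            secretKeyRef: {name: registry-auth, key: http-secret}
        volumeMounts:
        - {name: images, mountPath: /var/lib/registry}
        - {name: auth, mountPath: /auth, readOnly: true}
        - {name: certs, mountPath: /certs, readOnly: true}
      volumes:
      - name: images
        hostPath:
          path: /mnt/nfs/docker-local-registry/images
      - name: auth
        secret:
          secretName: registry-auth    # keys: htpasswd, http-secret
          items: [{key: htpasswd, path: htpasswd}]
      - name: certs
        secret:
          secretName: registry-tls     # type kubernetes.io/tls: tls.crt, tls.key
```

The registry only accepts bcrypt entries in the htpasswd file, and the container runtime on each node has to trust the CA that issued the certificate before it will pull over TLS.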
Not sure I understand your use case completely, but if you want to start a pod that is based on an image served from the internal registry, it is important to understand that it is not the pod but the dockerd on the cluster node that pulls the image. The internal DNS names like *svc.cluster.local cannot be resolved there. At least in many K8s environments this is the case. Some people were discussing this here: https://github.com/knative/serving/issues/1996 It might help if you post which Kubernetes provider (GKE, EKS etc.) you are using. The solution is to configure the cluster nodes to resolve these names, or to expose your registry externally using an ingress.