Pre-requisites:
>> A k8s cluster set up with 1 master and 2 worker nodes.
>> Docker is installed on all the nodes.
>> A static IP for each node.
Add the entries below to the /etc/hosts file on all the nodes.
10.0.1.13 registryserver.mydomain.com
10.0.1.12 registryclient01.mydomain.com
10.0.1.14 registryclient02.mydomain.com
Then, on the registry server node, run the commands below:
Install Docker Registry
#######################
Before starting, you will need a private Docker registry on the registry-server instance. First, download the registry image from Docker Hub using the following command:
# docker pull registry:2
Once the registry image is downloaded, you will need to generate a self-signed certificate to secure the Docker registry, because Docker nodes use a secure connection over TLS to upload or download images to or from the private registry.
Go to the registry-server and run the following commands to generate the certificate:
# mkdir /etc/certs
# cd /etc/certs
# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt
You will need to copy the generated ca.crt certificate to all registry client systems so that they trust this certificate.
root@dn1:~# cd /etc/docker/certs.d/
root@dn1:/etc/docker/certs.d# mkdir registryserver.mydomain.com:5000/
root@dn1:/etc/docker/certs.d/registryserver.mydomain.com:5000# ls -l
total 4
-rw-r--r-- 1 root root 2114 Nov 7 03:12 ca.crt
root@dn2:~# cd /etc/docker/certs.d/
root@dn2:/etc/docker/certs.d# mkdir registryserver.mydomain.com:5000/
root@dn2:/etc/docker/certs.d/registryserver.mydomain.com:5000# ls -l
total 4
-rw-r--r-- 1 root root 2114 Nov 7 03:12 ca.crt
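An added example, not part of the original write-up: a non-interactive variant of the openssl command above that puts the registry hostname in subjectAltName (Docker clients built with current Go releases no longer match on the Common Name alone), plus a check that each client's copied ca.crt carries that SAN, is unexpired, and has the same SHA-256 fingerprint as the registry's copy. The function names, the optional key-size argument and the /tmp/server-ca.crt path are assumptions of this example; it needs OpenSSL 1.1.1 or later for -addext.

```bash
# Added example; function names are illustrative, not from the original page.

# Generate key + self-signed cert with the hostname in subjectAltName.
# Usage: make_registry_cert <hostname> <out_dir> [rsa_bits]
make_registry_cert() {
    local host="$1" dir="$2" bits="${3:-4096}"
    mkdir -p "$dir"
    (
        umask 077   # keep ca.key readable by its owner only
        openssl req -newkey "rsa:${bits}" -nodes -sha256 -x509 -days 365 \
            -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
            -keyout "${dir}/ca.key" -out "${dir}/ca.crt" 2>/dev/null
    ) && chmod 644 "${dir}/ca.crt"
}

# Print the SHA-256 fingerprint of a certificate file.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Succeed only if the certificate lists <hostname> as a DNS SAN.
# Usage: cert_has_san <crt> <hostname>
cert_has_san() {
    openssl x509 -noout -text -in "$1" \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' | tr -d ' ' \
        | grep -qxF "DNS:${2}"
}

# Validate a client's copy against the registry's certificate.
# Returns 1 = SAN missing, 2 = expired, 3 = fingerprint mismatch.
# Usage: check_client_cert <server_crt> <client_crt> <hostname>
check_client_cert() {
    local server="$1" client="$2" host="$3"
    cert_has_san "$client" "$host" \
        || { echo "FAIL: no DNS SAN for ${host} in ${client}"; return 1; }
    openssl x509 -noout -checkend 0 -in "$client" >/dev/null \
        || { echo "FAIL: ${client} has expired"; return 2; }
    [ "$(cert_fingerprint "$server")" = "$(cert_fingerprint "$client")" ] \
        || { echo "FAIL: ${client} differs from the registry's copy"; return 3; }
    echo "OK: ${client}"
}

# On a client node, with the registry's ca.crt fetched to /tmp/server-ca.crt:
# check_client_cert /tmp/server-ca.crt \
#     /etc/docker/certs.d/registryserver.mydomain.com:5000/ca.crt \
#     registryserver.mydomain.com
```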
Now, start the Docker registry container with the certificate information by running the following command on the registry server:
docker run -d -p 5000:5000 --restart=always --name DockerRegistry-V2 -v /etc/certs:/etc/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/certs/ca.crt -e REGISTRY_HTTP_TLS_KEY=/etc/certs/ca.key registry:2
Now run the command below to check that the registry container is running:
# docker ps | grep registry
76f2a44b7256 registry:2 "/entrypoint.sh /etc…" 3 hours ago Up 3 hours 0.0.0.0:5000->5000/tcp DockerRegistry-V2
After this, you need to copy the ca.crt file from /etc/certs to the /etc/docker/certs.d/registryserver.mydomain.com:5000/ directory:
# cp /etc/certs/ca.crt /etc/docker/certs.d/registryserver.mydomain.com:5000/
Then reload the Docker service on all the nodes:
root@namenode:~# systemctl reload docker
root@dn1:~# systemctl reload docker
root@dn2:~# systemctl reload docker
Now create your own Docker image. For example, if it is a Java application and you have the .jar file and a Dockerfile:
cd to the location of the jar file and the Dockerfile.
# sudo docker build --build-arg JAR_FILE=path-to-jar-file/jarfilename.jar .
# sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
<none> <none> 57ca77bff947 2 hours ago 307MB
# sudo docker tag 57ca77bff947 registryserver.mydomain.com:5000/myclientimage:v1
root@namenode:~# docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
registryserver.mydomain.com:5000/myclientimage v1 57ca77bff947 3 hours ago 307MB
# sudo docker push registryserver.mydomain.com:5000/myclientimage:v1
Now run the pull command from all the registry client servers, and it should work:
# docker pull registryserver.mydomain.com:5000/myclientimage:v1
Now create a k8s container using this private registry repository:
# kubectl run my-app --image=registryserver.mydomain.com:5000/myclientimage:v1 --port=8080
root@namenode:~# kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
my-app 1/1 1 1 167m
If you get a connection refused error while pushing the image to the repository, check the locations below for errors:
root@namenode:/var/lib/docker/containers#
cd to the directory named after your container ID; the logs will be there.
For kubernetes logs:
#################
cd /var/log/containers/
tail -f kube-controller-manager-namenode.log