
Docker Private Registry Setup (Manual - Without any automation scripts like trow)


Pre-requisites:
>> k8s cluster set up with 1 master and 2 worker nodes.
>> Docker installed on all the nodes.
>> Static IPs for each node.

Add the below entries to the /etc/hosts file of all the nodes.

10.0.1.13 registryserver.mydomain.com
10.0.1.12 registryclient01.mydomain.com
10.0.1.14 registryclient02.mydomain.com

Then, on the registry server node, run the commands below:

Install Docker Registry
#######################

Before starting, you will need a Docker private registry on the registry-server instance. First, download the registry image from Docker Hub using the following command:

# docker pull registry:2

Once the registry image has been downloaded, you will need to generate a self-signed certificate to secure the Docker registry, because Docker nodes use a TLS connection to upload images to or download images from the private registry.

Go to the registry-server and run the following commands to generate the certificate. The certificate must be issued for the registry host name the clients will use (registryserver.mydomain.com), since Docker verifies the certificate against the host it connects to:

# mkdir /etc/certs
# cd /etc/certs

# openssl req -newkey rsa:4096 -nodes -sha256 -keyout ca.key -x509 -days 365 -out ca.crt

You will need to copy the generated ca.crt certificate to every registry client system so that they trust it. Docker looks for it in /etc/docker/certs.d/<registry-host>:<port>/ca.crt, so create that directory on each client:

root@dn1:~# cd /etc/docker/certs.d/
root@dn1:/etc/docker/certs.d# mkdir registryserver.mydomain.com:5000/
root@dn1:/etc/docker/certs.d# cd registryserver.mydomain.com:5000/
root@dn1:/etc/docker/certs.d/registryserver.mydomain.com:5000# ls -l
total 4
-rw-r--r-- 1 root root 2114 Nov  7 03:12 ca.crt

root@dn2:~# cd /etc/docker/certs.d/
root@dn2:/etc/docker/certs.d# mkdir registryserver.mydomain.com:5000/
root@dn2:/etc/docker/certs.d# cd registryserver.mydomain.com:5000/
root@dn2:/etc/docker/certs.d/registryserver.mydomain.com:5000# ls -l
total 4
-rw-r--r-- 1 root root 2114 Nov  7 03:12 ca.crt


Now start the Docker registry container with the certificate information by running the following command on the registry server:

# docker run -d -p 5000:5000 --restart=always --name DockerRegistry-V2 \
    -v /etc/certs:/etc/certs \
    -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/certs/ca.crt \
    -e REGISTRY_HTTP_TLS_KEY=/etc/certs/ca.key \
    registry:2

Now run the command below to check that the container is running:

# docker ps | grep registry
76f2a44b7256        registry:2             "/entrypoint.sh /etc…"   3 hours ago         Up 3 hours          0.0.0.0:5000->5000/tcp   DockerRegistry-V2

After this you need to copy the ca.crt file from /etc/certs to the /etc/docker/certs.d/registryserver.mydomain.com:5000/ directory on the registry server as well, then reload the docker service on all the nodes:

# cp /etc/certs/ca.crt /etc/docker/certs.d/registryserver.mydomain.com:5000/
root@namenode:~# systemctl reload docker
root@dn1:~# systemctl reload docker
root@dn2:~# systemctl reload docker
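Before the certificate is copied around, it is worth checking that it carries the registry host name in its SubjectAltName and that the key and certificate belong together, since Docker verifies the host name on every push and pull. The script below is an added example rather than code from the original post; it assumes the host name and port from the /etc/hosts entries above and uses a scratch directory in place of /etc/certs and /etc/docker/certs.d.

```shell
# Added example, not from the original post: generate the registry's self-signed
# cert with a SAN for the registry host name, lay ca.crt out as Docker expects
# under certs.d, and check it before copying to the nodes. Assumed: host/port
# from the /etc/hosts entries above; a scratch dir replaces /etc/certs, certs.d.
set -eu

REGISTRY_HOST="registryserver.mydomain.com"
REGISTRY_PORT="5000"

# Writes ca.key and ca.crt into <outdir>. Docker (Go TLS) checks the host it
# connects to against the certificate's SAN, so the SAN is set explicitly.
make_registry_cert() {
  local outdir="$1"
  mkdir -p "$outdir"
  openssl req -newkey rsa:4096 -nodes -sha256 -x509 -days 365 \
    -subj "/CN=${REGISTRY_HOST}" \
    -addext "subjectAltName=DNS:${REGISTRY_HOST}" \
    -keyout "$outdir/ca.key" -out "$outdir/ca.crt" 2>/dev/null
  chmod 600 "$outdir/ca.key"   # only the registry container needs the key
}

# Mirrors the post's /etc/docker/certs.d/<host>:<port>/ca.crt layout under
# <certs_d_root> and prints the installed path. ca.key never leaves the server.
install_client_trust() {
  local certdir="$1" root="$2"
  local dest="$root/${REGISTRY_HOST}:${REGISTRY_PORT}"
  mkdir -p "$dest"
  cp "$certdir/ca.crt" "$dest/ca.crt"
  echo "$dest/ca.crt"
}

# Prints "ok" when the key matches the cert and the cert is valid for [host]
# (default REGISTRY_HOST); otherwise prints the reason and returns 1. A host
# name mismatch here is what shows up later as x509 errors on push/pull.
verify_registry_cert() {
  local certdir="$1" host="${2:-$REGISTRY_HOST}"
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$certdir/ca.crt" -noout -pubkey)
  key_pub=$(openssl pkey -in "$certdir/ca.key" -pubout)
  [ "$cert_pub" = "$key_pub" ] || { echo "key-mismatch"; return 1; }
  openssl verify -CAfile "$certdir/ca.crt" -verify_hostname "$host" \
    "$certdir/ca.crt" >/dev/null 2>&1 || { echo "hostname-mismatch"; return 1; }
  echo "ok"
}

work=$(mktemp -d)   # demonstration run in a scratch directory
make_registry_cert "$work/certs"
echo "certificate check: $(verify_registry_cert "$work/certs")"
echo "client trust file: $(install_client_trust "$work/certs" "$work/certs.d")"
```

Run it on the registry server, then copy only the printed ca.crt (never ca.key) to the same certs.d path on each client node.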


Now create your own Docker image. If it is a Java application and you have the .jar file and a Dockerfile, cd to the directory containing the jar file and the Dockerfile and build it:

# sudo docker build --build-arg JAR_FILE=path-to-jar-file/jarfilename.jar .

No -t was given, so the image is built untagged and shows up as <none>; it is tagged for the registry in the next step.


# sudo docker images
REPOSITORY   TAG      IMAGE ID       CREATED       SIZE
<none>       <none>   57ca77bff947   2 hours ago   307MB

# sudo docker tag 57ca77bff947 registryserver.mydomain.com:5000/myclientimage:v1

root@namenode:~# docker images
REPOSITORY                                       TAG   IMAGE ID       CREATED       SIZE
registryserver.mydomain.com:5000/myclientimage   v1    57ca77bff947   3 hours ago   307MB


# sudo docker push registryserver.mydomain.com:5000/myclientimage:v1

Now run the pull command from all the registry client servers, and it should work:

# docker pull registryserver.mydomain.com:5000/myclientimage:v1

Now create a k8s container using this private registry repository:

# kubectl run my-app --image=registryserver.mydomain.com:5000/myclientimage:v1 --port=8080

root@namenode:~# kubectl get deploy
NAME     READY   UP-TO-DATE   AVAILABLE   AGE
my-app   1/1     1            1           167m

Note that on kubectl 1.18 and later, kubectl run creates a plain Pod rather than a Deployment; use kubectl create deployment my-app --image=registryserver.mydomain.com:5000/myclientimage:v1 to get the Deployment shown above.


If you get a connection refused error while pushing the image to the registry, check the logs below for errors.

Docker container logs live under /var/lib/docker/containers/ on the node running the container:

root@namenode:~# cd /var/lib/docker/containers/

cd into the directory named after your container ID; the container's logs are there.

For kubernetes logs:
#################

# cd /var/log/containers/
# tail -f kube-controller-manager-namenode.log



