Kubernetes – Installing a Private Docker Repository

By | October 28, 2022

This post installs a private Docker repository.

For convenience, the volume uses hostPath.

Create the namespace

kubectl create namespace repository

Create docker-registry

vi docker-registry.yaml
---------------------------
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: docker-repository
  namespace: repository
spec:
  serviceName: docker-repository
  replicas: 1
  selector:
    matchLabels:
      app: docker-repository
  template:
    metadata:
      labels:
        app: docker-repository
    spec:
      containers:
      - name: docker-repository
        image: registry:2.7.1
        ports:
          - name: http-port
            containerPort: 5000
        volumeMounts:
          - name: docker-repository-vol
            mountPath: /var/lib/registry
      volumes:
        - name: docker-repository-vol
          hostPath:
            path: /docker-registry
            type: DirectoryOrCreate

---

apiVersion: v1
kind: Service
metadata:
  name: docker-repository
  namespace: repository
spec:
  type: NodePort
  ports:
    - name: http
      nodePort: 30099
      port: 80
      targetPort: 5000
    - name: https
      nodePort: 30443
      port: 443
      targetPort: 5000
  selector:
    app: docker-repository
---------------------------
kubectl apply -f docker-registry.yaml

Verify that the service is running

kubectl get pods -n repository -o wide
kubectl get svc -n repository

The following command confirms that the registry is running normally.

curl http://<worker node IP>:30099/v2/

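Applying HTTPS

Generate the root certificate and the server certificate

First, refer to here to generate and register the root certificate and the server certificate.

The docker-registry should be given a regular domain name
and a certificate such as one from Let’s Encrypt.

Otherwise it becomes very difficult to manage.

The content below is left as a sample, but please do not use it.

Modify docker-registry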

vi docker-registry.yaml
---------------------------
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: docker-repository
  namespace: repository
spec:
  serviceName: docker-repository
  replicas: 1
  selector:
    matchLabels:
      app: docker-repository
  template:
    metadata:
      labels:
        app: docker-repository
    spec:
      containers:
      - name: docker-repository
        image: registry:2.7.1
        ports:
        - name: http-port
          containerPort: 5000
        env:
        - name: REGISTRY_HTTP_ADDR
          value: 0.0.0.0:5000
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: /ssl/repository.crt
        - name: REGISTRY_HTTP_TLS_KEY
          value: /ssl/repository.key
        volumeMounts:
        - name: private-rootca-crt
          mountPath: /etc/ssl/certs/repository.pem
          subPath: rootCA.crt
          readOnly: true
        - name: repository-pemstore
          mountPath: /ssl/
          readOnly: true
        - name: docker-repository-vol
          mountPath: /var/lib/registry
      volumes:
      - name: private-rootca-crt
        configMap:
          name: private-rootca.crt
      - name: repository-pemstore
        configMap:
          name: repository-pemstore
      - name: docker-repository-vol
        hostPath:
          path: /docker-registry
          type: DirectoryOrCreate

---

apiVersion: v1
kind: Service
metadata:
  name: docker-repository
  namespace: repository
spec:
  type: ClusterIP
  ports:
    - name: https
      port: 443
      targetPort: 5000
  selector:
    app: docker-repository
---------------------------
kubectl apply -f docker-registry.yaml
kubectl get svc -n repository
NAME                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
docker-repository   ClusterIP   10.106.136.116   <none>        443/TCP          7m55s
cat /etc/hosts
127.0.0.1       localhost
10.106.136.116  docker-repository.repository.svc.cluster.local
curl https://docker-repository.repository.svc.cluster.local/v2/
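
The manifest above mounts the registry's private key (/ssl/repository.key) from the repository-pemstore ConfigMap, an object type Kubernetes does not intend for confidential data. The variant below is an added example, not from the original post, that loads the certificate and key from a kubernetes.io/tls Secret instead. It assumes a Secret with the hypothetical name repository-tls, created with `kubectl create secret tls repository-tls -n repository --cert=repository.crt --key=repository.key`.

```yaml
# Added example (not from the original post); the Secret name repository-tls is hypothetical.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: docker-repository
  namespace: repository
spec:
  serviceName: docker-repository
  replicas: 1
  selector:
    matchLabels:
      app: docker-repository
  template:
    metadata:
      labels:
        app: docker-repository
    spec:
      containers:
      - name: docker-repository
        image: registry:2.7.1
        ports:
        - name: http-port
          containerPort: 5000
        env:
        - name: REGISTRY_HTTP_ADDR
          value: 0.0.0.0:5000
        # A kubernetes.io/tls Secret always exposes the keys tls.crt and tls.key.
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: /ssl/tls.crt
        - name: REGISTRY_HTTP_TLS_KEY
          value: /ssl/tls.key
        volumeMounts:
        # The root CA certificate is public, so a ConfigMap remains fine for it.
        - name: private-rootca-crt
          mountPath: /etc/ssl/certs/repository.pem
          subPath: rootCA.crt
          readOnly: true
        - name: repository-tls
          mountPath: /ssl/
          readOnly: true
        - name: docker-repository-vol
          mountPath: /var/lib/registry
      volumes:
      - name: private-rootca-crt
        configMap: {name: private-rootca.crt}
      - name: repository-tls
        secret: {secretName: repository-tls}
      - name: docker-repository-vol
        hostPath: {path: /docker-registry, type: DirectoryOrCreate}
```

Keeping the key in a Secret lets RBAC restrict who can read it separately from ordinary ConfigMaps. Secret values are still only base64-encoded in etcd unless encryption at rest is configured for the cluster.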
