Kubernetes – Installing a Private Docker Repository
This installs a private Docker repository.
For convenience, the volume uses hostPath.
Create the namespace
kubectl create namespace repository
Create docker-registry
vi docker-registry.yaml
---------------------------
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: docker-repository
  namespace: repository
spec:
  serviceName: docker-repository
  replicas: 1
  selector:
    matchLabels:
      app: docker-repository
  template:
    metadata:
      labels:
        app: docker-repository
    spec:
      containers:
      - name: docker-repository
        image: registry:2.7.1
        ports:
        - name: http-port
          containerPort: 5000
        volumeMounts:
        - name: docker-repository-vol
          mountPath: /var/lib/registry
      volumes:
      - name: docker-repository-vol
        hostPath:
          path: /docker-registry
          type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
  name: docker-repository
  namespace: repository
spec:
  type: NodePort
  ports:
  - name: http
    nodePort: 30099
    port: 80
    targetPort: 5000
  - name: https
    nodePort: 30443
    port: 443
    targetPort: 5000
  selector:
    app: docker-repository
---------------------------
kubectl apply -f docker-registry.yaml
Verify the service is running
kubectl get pods -n repository -o wide
kubectl get svc -n repository
You can confirm that it is running normally with the command below.
curl http://<worker node IP>:30099/v2/
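Applying HTTPS
Create the root certificate and server certificate
First, refer to here to create and register the root certificate and server certificate.
The docker-registry should be given a regular domain,
and a certificate such as one from Let’s Encrypt should be attached to it.
Otherwise, management becomes very difficult.
The content below is left here as a sample, but… please do not use it.
Modify docker-registry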
vi docker-registry.yaml
---------------------------
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: docker-repository
  namespace: repository
spec:
  serviceName: docker-repository
  replicas: 1
  selector:
    matchLabels:
      app: docker-repository
  template:
    metadata:
      labels:
        app: docker-repository
    spec:
      containers:
      - name: docker-repository
        image: registry:2.7.1
        ports:
        - name: http-port
          containerPort: 5000
        env:
        - name: REGISTRY_HTTP_ADDR
          value: 0.0.0.0:5000
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: /ssl/repository.crt
        - name: REGISTRY_HTTP_TLS_KEY
          value: /ssl/repository.key
        volumeMounts:
        - name: private-rootca-crt
          mountPath: /etc/ssl/certs/repository.pem
          subPath: rootCA.crt
          readOnly: true
        - name: repository-pemstore
          mountPath: /ssl/
          readOnly: true
        - name: docker-repository-vol
          mountPath: /var/lib/registry
      volumes:
      - name: private-rootca-crt
        configMap:
          name: private-rootca.crt
      - name: repository-pemstore
        configMap:
          name: repository-pemstore
      - name: docker-repository-vol
        hostPath:
          path: /docker-registry
          type: DirectoryOrCreate
---
apiVersion: v1
kind: Service
metadata:
  name: docker-repository
  namespace: repository
spec:
  type: ClusterIP
  ports:
  - name: https
    port: 443
    targetPort: 5000
  selector:
    app: docker-repository
---------------------------
kubectl apply -f docker-registry.yaml
kubectl get svc -n repository
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
docker-repository ClusterIP 10.106.136.116 <none> 443/TCP 7m55s
cat /etc/hosts
127.0.0.1 localhost
10.106.136.116 docker-repository.repository.svc.cluster.local
curl https://docker-repository.repository.svc.cluster.local/v2/