{"id":6840,"date":"2022-10-28T22:14:10","date_gmt":"2022-10-28T13:14:10","guid":{"rendered":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=6840"},"modified":"2023-01-18T08:30:54","modified_gmt":"2023-01-17T23:30:54","slug":"kubernetes-private-docker-repository-%ec%84%a4%ec%b9%98","status":"publish","type":"post","link":"https:\/\/www.skyer9.pe.kr\/wordpress\/?p=6840","title":{"rendered":"Kubernetes – Private Docker Repository \uc124\uce58"},"content":{"rendered":"

Kubernetes – Private Docker Repository \uc124\uce58<\/h1>\n

Private Docker Repository \ub97c \uc124\uce58\ud569\ub2c8\ub2e4.<\/p>\n

volume \uc740 \ud3b8\uc758\uc0c1 hostPath \ub85c \ud569\ub2c8\ub2e4.<\/p>\n

namespace \uc0dd\uc131<\/h2>\n
kubectl create namespace repository<\/code><\/pre>\n
docker-registry \uc0dd\uc131<\/h2>\n
vi docker-registry.yaml\n---------------------------\napiVersion: apps\/v1\nkind: StatefulSet\nmetadata:\n  name: docker-repository\n  namespace: repository\nspec:\n  serviceName: docker-repository\n  replicas: 1\n  selector:\n    matchLabels:\n      app: docker-repository\n  template:\n    metadata:\n      labels:\n        app: docker-repository\n    spec:\n      containers:\n      - name: docker-repository\n        image: registry:2.7.1\n        ports:\n          - name: http-port\n            containerPort: 5000\n        volumeMounts:\n          - name: docker-repository-vol\n            mountPath: \/var\/lib\/registry\n      volumes:\n        - name: docker-repository-vol\n          hostPath:\n            path: \/docker-registry\n            type: DirectoryOrCreate\n\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n  name: docker-repository\n  namespace: repository\nspec:\n  type: NodePort\n  ports:\n    - name: http\n      nodePort: 30099\n      port: 80\n      targetPort: 5000\n    - name: https\n      nodePort: 30443\n      port: 443\n      targetPort: 5000\n  selector:\n    app: docker-repository\n---------------------------<\/code><\/pre>\n
kubectl apply -f docker-registry.yaml<\/code><\/pre>\n
\uc11c\ube44\uc2a4 \uc2e4\ud589\ud655\uc778<\/h2>\n
kubectl get pods -n repository -o wide\nkubectl get svc -n repository<\/code><\/pre>\n
\uc544\ub798 \uba85\ub839\uc73c\ub85c \uc815\uc0c1 \uc2e4\ud589\uc744 \ud655\uc778\ud560 \uc218 \uc788\ub2e4.<\/p>\n
curl http:\/\/<worker node IP>:30099\/v2\/<\/code><\/pre>\n
https \uc801\uc6a9<\/h2>\n
\ub8e8\ud2b8 \uc778\uc99d\uc11c\uc640 \uc11c\ubc84 \uc778\uc99d\uc11c\ub97c \uc0dd\uc131<\/h3>\n
\uc6b0\uc120, \uc5ec\uae30<\/a> \ub97c \ucc38\uc870\ud558\uc5ec \ub8e8\ud2b8 \uc778\uc99d\uc11c\uc640 \uc11c\ubc84 \uc778\uc99d\uc11c\ub97c \uc0dd\uc131 \ubc0f \ub4f1\ub85d\ud569\ub2c8\ub2e4.<\/del><\/p>\n
docker-registry \uc5d0\ub294 \uc77c\ubc18 \ub3c4\uba54\uc778\uc744 \ubd99\uc5ec\uc57c \ud558\uace0,
\nLet’s Encrypt \uac19\uc740 \uc778\uc99d\uc11c\ub97c \ubd99\uc5ec\uc57c \ud569\ub2c8\ub2e4.<\/p>\n
\uc544\ub2c8\uba74 \uad00\ub9ac\uc0c1 \ub9e4\uc6b0 \uace4\ub780\ud574\uc9d1\ub2c8\ub2e4.<\/p>\n
\uc544\ub798 \ub0b4\uc6a9\uc740 \uc0d8\ud50c\uc6a9\uc73c\ub85c \ub194\ub450\uae30\ub294 \ud558\ub294\ub370… \uc4f0\uc9c0\ub294 \ub9c8\uc2dc\uae30 \ubc14\ub78d\ub2c8\ub2e4.<\/p>\n
docker-registry \uc218\uc815<\/h2>\n
vi docker-registry.yaml\n---------------------------\napiVersion: apps\/v1\nkind: StatefulSet\nmetadata:\n  name: docker-repository\n  namespace: repository\nspec:\n  serviceName: docker-repository\n  replicas: 1\n  selector:\n    matchLabels:\n      app: docker-repository\n  template:\n    metadata:\n      labels:\n        app: docker-repository\n    spec:\n      containers:\n      - name: docker-repository\n        image: registry:2.7.1\n        ports:\n        - name: http-port\n          containerPort: 5000\n        env:\n        - name: REGISTRY_HTTP_ADDR\n          value: 0.0.0.0:5000\n        - name: REGISTRY_HTTP_TLS_CERTIFICATE\n          value: \/ssl\/repository.crt\n        - name: REGISTRY_HTTP_TLS_KEY\n          value: \/ssl\/repository.key\n        volumeMounts:\n        - name: private-rootca-crt\n          mountPath: \/etc\/ssl\/certs\/repository.pem\n          subPath: rootCA.crt\n          readOnly: true\n        - name: repository-pemstore\n          mountPath: \/ssl\/\n          readOnly: true\n        - name: docker-repository-vol\n          mountPath: \/var\/lib\/registry\n      volumes:\n      - name: private-rootca-crt\n        configMap:\n          name: private-rootca.crt\n      - name: repository-pemstore\n        configMap:\n          name: repository-pemstore\n      - name: docker-repository-vol\n        hostPath:\n          path: \/docker-registry\n          type: DirectoryOrCreate\n\n---\n\napiVersion: v1\nkind: Service\nmetadata:\n  name: docker-repository\n  namespace: repository\nspec:\n  type: ClusterIP\n  ports:\n    - name: https\n      port: 443\n      targetPort: 5000\n  selector:\n    app: docker-repository\n---------------------------<\/code><\/pre>\n
kubectl apply -f docker-registry.yaml<\/code><\/pre>\n
kubectl get svc -n repository\nNAME                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE\ndocker-repository   ClusterIP   10.106.136.116   <none>        443\/TCP          7m55s<\/code><\/pre>\n
cat \/etc\/hosts\n127.0.0.1       localhost\n10.106.136.116  docker-repository.repository.svc.cluster.local<\/code><\/pre>\n
curl https:\/\/docker-repository.repository.svc.cluster.local\/v2\/<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
Kubernetes – Private Docker Repository \uc124\uce58 Private Docker Repository \ub97c \uc124\uce58\ud569\ub2c8\ub2e4. volume \uc740 \ud3b8\uc758\uc0c1 hostPath \ub85c \ud569\ub2c8\ub2e4. namespace \uc0dd\uc131 kubectl create namespace repository docker-registry \uc0dd\uc131 vi docker-registry.yaml ————————— apiVersion: apps\/v1 kind: StatefulSet metadata: name: docker-repository namespace: repository spec: serviceName: docker-repository replicas: 1 selector: matchLabels: app: docker-repository template: metadata: labels: app: docker-repository spec: containers: – name:\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-6840","post","type-post","status-publish","format-standard","hentry","category-kubernetes"],"_links":{"self":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6840","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=6840"}],"version-history":[{"count":14,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6840\/revisions"}],"predecessor-version":[{"id":7485,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=\/wp\/v2\/posts\/6840\/revisions\/7485"}],"wp:attachment":[{"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=6840"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=6840"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.skyer9.pe.kr\/wordpress\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=6840"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}