docker-registry.sh

gistfile1.txt

#!/bin/bash
### Deploying Docker Registry on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://www.nearform.com/blog/how-to-run-a-public-docker-registry-in-kubernetes/
# Type of Deployment: Script
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Longhorn)
## Cert-Manager - See Script
#
## The following base packages are required:
# Docker.io is required to login to the local private repository
apt-get install docker.io -y && \
# Password generator
apt-get install pwgen -y && \
# Htpasswd is used to create and update the flat-files used to store usernames and password
apt-get install apache2-utils -y && \
### Installation ###
## Set Variables:
n=1
# Create a username for the registry (to be saved and this file deleted)
export DUSER=$(pwgen -csn 24 1) && echo "Registry Username: "$DUSER"" > temp-pass-registry && \
# Create a password for the registry (to be saved and this file deleted)
export DPASS=$(pwgen -csn 24 1) && echo "Registry Password: "$DPASS"" >> temp-pass-registry && \
# Create folders for private registry (to house any custom images/applications)
mkdir ~/docker-registry; mkdir ~/docker-registry/auth; mkdir ~/docker-registry/data; \
# Create a password file to be loaded into Kubernetes
htpasswd -Bbc ~/docker-registry/auth/registry.password $DUSER $DPASS && \
# Create Namespace
kubectl create ns registry && \
# Add this password file to the K3S cluster using a secret
kubectl create secret -n registry generic docker-registry-htpasswd --from-file ~/docker-registry/auth/registry.password && \
# Create Service
cat <<EOF >docker-registry-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: docker-registry-service
  namespace: registry
spec:
  selector:
    app: docker-registry
  ports:
    - protocol: TCP
      port: 5000
EOF
# Apply Service
kubectl apply -f docker-registry-service.yaml && \
# Create Deployment
cat <<EOF >docker-registry-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-registry
  namespace: registry
  labels:
    app: docker-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
      - name: docker-registry
        image: registry
        ports:
        - containerPort: 5000
        volumeMounts:
        - name: storage
          mountPath: ~/docker-registry/data
        - name: htpasswd
          mountPath: ~/docker-registry/auth
        env:
        - name: REGISTRY_AUTH
          value: htpasswd
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: Docker Registry
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: ~/docker-registry/auth/registry.password
        - name: REGISTRY_STORAGE_DELETE_ENABLED
          value: "true"
      volumes:
      - name: storage
        emptyDir: {}
      - name: htpasswd
        secret:
         secretName: docker-registry-htpasswd
EOF
# Apply Deployment
kubectl apply -f docker-registry-deployment.yaml && \
# Wait until Registry is running before moving on
ROLLOUT_STATUS_CMD="kubectl rollout status -w --timeout=300s deployment/docker-registry -n registry"
until $ROLLOUT_STATUS_CMD || [ $n -eq 300 ]; do
   $ROLLOUT_STATUS_CMD
   n=$((n + 1))
   sleep 5
done
# Cleanup
rm docker-*
# Wipe Everything
# kubectl delete ns registry