@Vertiwell
Last active November 22, 2021 03:46
docker-registry.sh
#!/bin/bash
### Deploying Docker Registry on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://www.nearform.com/blog/how-to-run-a-public-docker-registry-in-kubernetes/
# Type of Deployment: Script
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Longhorn)
## Cert-Manager - See Script
#
## The following base packages are required:
# Docker.io is required to login to the local private repository
apt-get install docker.io -y && \
# Password generator
apt-get install pwgen -y && \
# Htpasswd is used to create and update the flat-files used to store usernames and passwords
apt-get install apache2-utils -y && \
### Installation ###
## Set Variables:
n=1
# Create a username for the registry (to be saved and this file deleted)
export DUSER=$(pwgen -csn 24 1) && echo "Registry Username: $DUSER" > temp-pass-registry && \
# Create a password for the registry (to be saved and this file deleted)
export DPASS=$(pwgen -csn 24 1) && echo "Registry Password: $DPASS" >> temp-pass-registry && \
# Create folders for private registry (to house any custom images/applications)
mkdir -p ~/docker-registry/auth ~/docker-registry/data && \
# Create a password file to be loaded into Kubernetes
htpasswd -Bbc ~/docker-registry/auth/registry.password "$DUSER" "$DPASS" && \
# Create Namespace
kubectl create ns registry && \
# Add this password file to the K3S cluster using a secret
kubectl create secret -n registry generic docker-registry-htpasswd --from-file ~/docker-registry/auth/registry.password && \
# Create Service
cat <<EOF >docker-registry-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: docker-registry-service
  namespace: registry
spec:
  selector:
    app: docker-registry
  ports:
  - protocol: TCP
    port: 5000
EOF
# Apply Service
kubectl apply -f docker-registry-service.yaml && \
# Create Deployment
cat <<EOF >docker-registry-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-registry
  namespace: registry
  labels:
    app: docker-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
      - name: docker-registry
        image: registry
        ports:
        - containerPort: 5000
        volumeMounts:
        # Paths inside the container must be absolute; "~" is not expanded there.
        # /var/lib/registry is where the registry image stores its data.
        - name: storage
          mountPath: /var/lib/registry
        - name: htpasswd
          mountPath: /auth
        env:
        - name: REGISTRY_AUTH
          value: htpasswd
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: Docker Registry
        # Must match the htpasswd mountPath plus the secret's file name
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/registry.password
        - name: REGISTRY_STORAGE_DELETE_ENABLED
          value: "true"
      volumes:
      # emptyDir: pushed images are lost when the pod is rescheduled
      - name: storage
        emptyDir: {}
      - name: htpasswd
        secret:
          secretName: docker-registry-htpasswd
EOF
# Apply Deployment
kubectl apply -f docker-registry-deployment.yaml && \
# Wait until Registry is running before moving on
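ROLLOUT_STATUS_CMD="kubectl rollout status -w --timeout=300s deployment/docker-registry -n registry"
until $ROLLOUT_STATUS_CMD || [ "$n" -eq 300 ]; do
  $ROLLOUT_STATUS_CMD
  n=$((n + 1))
  sleep 5
done
# Cleanup (only the generated manifests; a bare docker-* glob would also match the docker-registry directory)
rm docker-registry-service.yaml docker-registry-deployment.yaml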
# Wipe Everything
# kubectl delete ns registry
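
The registry's htpasswd backend accepts bcrypt entries only, which is why the script calls `htpasswd` with `-B`. The check below is an added example, not part of the gist: it audits a password file before it is loaded with `kubectl create secret`. The names `audit_htpasswd` and `write_sample` and the sample entries are constructed for illustration.

```shell
#!/bin/bash
# Added example (not part of the gist): audit an htpasswd file before it is
# loaded into the cluster. An entry that is not bcrypt can never authenticate.

# audit_htpasswd FILE [MIN_COST] -> prints findings; returns 0 if clean, 1 if not.
# MIN_COST defaults to 5, the cost htpasswd -B uses when -C is not given.
audit_htpasswd() {
  local file="$1" min="${2:-5}" bad=0 n=0 line user hash cost
  [ -r "$file" ] || { echo "cannot read $file"; return 1; }
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1))
    [ -n "$line" ] || continue
    case $line in
      ?*:?*) user=${line%%:*}; hash=${line#*:} ;;
      *) echo "line $n: not in user:hash form"; bad=1; continue ;;
    esac
    # bcrypt: $2a$/$2b$/$2y$, two-digit cost, then 53 chars of salt plus digest
    if printf '%s\n' "$hash" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
      cost=${hash#\$2?\$}; cost=${cost%%\$*}
      if [ "$cost" -lt "$min" ]; then
        echo "line $n: $user: bcrypt cost $cost is below $min"; bad=1
      fi
    else
      echo "line $n: $user: not a bcrypt entry"; bad=1
    fi
  done < "$file"
  return "$bad"
}

# Constructed sample entries (not real hashes): one valid, three to be flagged.
write_sample() {
  cat > "$1" <<'EOF'
alice:$2y$05$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0
bob:$apr1$constructed$notarealmd5digestvalue
carol:$2y$04$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0
dave
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_htpasswd "$sample" || echo "fix the file before running kubectl create secret"
rm -f "$sample"
```

In the script above it would be called as `audit_htpasswd ~/docker-registry/auth/registry.password` between the `htpasswd` and `kubectl create secret` steps.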