Last active
November 22, 2021 03:46
docker-registry.sh
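#!/bin/bash
### Deploying Docker Registry on Kubernetes for Debian/Ubuntu based OS
## Baseline Guide: https://www.nearform.com/blog/how-to-run-a-public-docker-registry-in-kubernetes/
# Type of Deployment: Script
#
### Minimum Requirements ###
## Three Worker Node Cluster (Tested on K0s, K3s, K8s)
## A Storage Backend (Tested on Ceph, OpenEBS, Longhorn)
## Cert-Manager - See Script
#
# Abort on the first failed step instead of carrying on with a half-built
# setup (for example, applying manifests after the secret was never created).
set -euo pipefail

## The following base packages are required:
#   docker.io     - needed to log in to the local private repository
#   pwgen         - password generator
#   apache2-utils - provides htpasswd, which maintains the flat file of
#                   usernames and password hashes
apt-get install -y docker.io pwgen apache2-utils

### Installation ###
## Set Variables:
# Retry counter read by the rollout wait loop later in the script.
n=1

# Every file created from here on is owner-only: the plaintext credential
# file and the htpasswd file must not be readable by other local users.
umask 077

# Random username and password for the registry. They are deliberately not
# exported, so child processes (apt-get, kubectl, ...) do not inherit them in
# their environment.
DUSER=$(pwgen -csn 24 1)
DPASS=$(pwgen -csn 24 1)

# Plaintext copy for the operator: store it in a password manager, then
# delete temp-pass-registry. This script never removes the file itself.
printf 'Registry Username: %s\nRegistry Password: %s\n' "$DUSER" "$DPASS" > temp-pass-registry

# Create folders for the private registry (to house any custom
# images/applications). -p keeps a re-run from failing on existing folders.
mkdir -p ~/docker-registry/auth ~/docker-registry/data

# Create the bcrypt (-B) password file that is loaded into Kubernetes.
# -i reads the password from stdin, so it never appears in the process list
# the way a command-line argument would; printf is a shell builtin.
printf '%s\n' "$DPASS" | htpasswd -Bic ~/docker-registry/auth/registry.password "$DUSER"

# Create Namespace
kubectl create ns registry

# Add the password file to the cluster as a secret. The secret key is the
# file's base name (registry.password); the deployment mounts it under that
# name.
kubectl create secret -n registry generic docker-registry-htpasswd \
  --from-file ~/docker-registry/auth/registry.password

# Create Service
# NOTE(review): nothing in this script configures TLS for port 5000, so the
# basic-auth credentials would cross the network in cleartext. Terminate TLS
# in front of this Service (the requirements above list Cert-Manager) before
# exposing it beyond the cluster.
cat <<'EOF' >docker-registry-service.yaml
apiVersion: v1
kind: Service
metadata:
  name: docker-registry-service
  namespace: registry
spec:
  selector:
    app: docker-registry
  ports:
    - protocol: TCP
      port: 5000
EOF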
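# Apply Service
kubectl apply -f docker-registry-service.yaml || exit 1

# Create Deployment
#
# Container paths are absolute. "~" is not expanded inside a here-document,
# and neither Kubernetes nor the registry expands it, so the previous
# "~/docker-registry/..." values were taken literally and the storage volume
# was not mounted where the registry writes. /var/lib/registry is the registry
# image's default storage directory. /auth/registry.password is the key
# "registry.password" of the docker-registry-htpasswd secret.
#
# NOTE(review): "image: registry" is unpinned and follows whatever the default
# tag currently points to; pin a tag or digest you have verified.
# NOTE(review): emptyDir storage is discarded whenever the pod is
# rescheduled; switch to a PersistentVolumeClaim on the storage backend
# listed in the requirements if pushed images must survive.
# NOTE(review): REGISTRY_STORAGE_DELETE_ENABLED=true lets any authenticated
# user delete image data; keep it only if that is intended.
cat <<'EOF' >docker-registry-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-registry
  namespace: registry
  labels:
    app: docker-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
        - name: docker-registry
          image: registry
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: storage
              mountPath: /var/lib/registry
            - name: htpasswd
              mountPath: /auth
              readOnly: true
          env:
            - name: REGISTRY_AUTH
              value: htpasswd
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: Docker Registry
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: /auth/registry.password
            - name: REGISTRY_STORAGE_DELETE_ENABLED
              value: "true"
      volumes:
        - name: storage
          emptyDir: {}
        - name: htpasswd
          secret:
            secretName: docker-registry-htpasswd
EOF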
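# Apply Deployment
kubectl apply -f docker-registry-deployment.yaml || exit 1

# Wait until Registry is running before moving on.
# The command is held in an array so each argument stays a separate word,
# and it runs once per attempt (the old loop ran it in the condition and
# again in the body). Each attempt already blocks for up to 300s.
rollout_cmd=(kubectl rollout status -w --timeout=300s deployment/docker-registry -n registry)
attempt=1
max_attempts=300 # same ceiling as the original counter check
until "${rollout_cmd[@]}"; do
  if [ "$attempt" -ge "$max_attempts" ]; then
    # Fail loudly: running the cleanup after a registry that never became
    # ready would hide the problem behind a zero exit status.
    printf 'docker-registry did not become ready after %s attempts\n' "$attempt" >&2
    exit 1
  fi
  attempt=$((attempt + 1))
  sleep 5
done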
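# Cleanup
# Remove only the two manifests this script generated. A "docker-*" glob
# would also match unrelated files in the working directory, and the
# ~/docker-registry folder when the script is run from the home directory.
rm -f -- docker-registry-service.yaml docker-registry-deployment.yaml
# NOTE: credentials are still on disk after this step: temp-pass-registry
# (plaintext) and ~/docker-registry/auth/registry.password (bcrypt hash).
# Save the credentials somewhere safe, then delete both files.
# Wipe Everything
# kubectl delete ns registry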