# Deploy Private Container Registry

Deploying your private container registry on your K3s to use with AWX.

## Table of Contents

- [Procedure](#procedure)
  - [Prepare required files](#prepare-required-files)
  - [Deploy Private Container Registry](#deploy-private-container-registry)
- [Quick Testing](#quick-testing)
  - [Testing with Docker](#testing-with-docker)
  - [Digging into the Registry](#digging-into-the-registry)
- [(Optional) Use as Private Container Registry for K3s](#optional-use-as-private-container-registry-for-k3s)
  - [Procedure](#procedure-1)
  - [Testing](#testing)

## Procedure

### Prepare required files

Generate a self-signed certificate. Note that an IP address can't be specified.

```bash
REGISTRY_HOST="registry.example.com"
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -out ./registry/tls.crt -keyout ./registry/tls.key -subj "/CN=${REGISTRY_HOST}/O=${REGISTRY_HOST}" -addext "subjectAltName = DNS:${REGISTRY_HOST}"
```

Modify `hosts` and `host` in `registry/ingress.yaml`.

```yaml
...
    - hosts:
        - registry.example.com     👈👈👈
      secretName: registry-secret-tls
  rules:
    - host: registry.example.com     👈👈👈
...
```

Generate an `htpasswd` string from your own username and password; this becomes the user for the container registry.

```bash
$ kubectl run htpasswd -it --restart=Never --image httpd:2.4 --rm -- htpasswd -nbB reguser Registry123!
reguser:$2y$05$VLMvcWCPF0VUuHi0BXBz7eoXGZ6KRl1gataiqTXz4DdSVIXGloKiq
pod "htpasswd" deleted
```

Replace `htpasswd` in `registry/configmap.yaml` with your own `htpasswd` string that you generated above.

```yaml
...
  htpasswd: |-
    reguser:$2y$05$VLMvcWCPF0VUuHi0BXBz7eoXGZ6KRl1gataiqTXz4DdSVIXGloKiq     👈👈👈
```

Prepare directories for the Persistent Volumes defined in `registry/pv.yaml`.

```bash
sudo mkdir -p /data/registry
```

### Deploy Private Container Registry

Deploy the private container registry.

```bash
kubectl apply -k registry
```

The required resources have been deployed in the `registry` namespace.

```bash
$ kubectl get all -n registry
NAME                            READY   STATUS    RESTARTS   AGE
pod/registry-5b4f874b77-9gb64   1/1     Running   0          27s

NAME                       TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
service/registry-service   ClusterIP   10.43.50.156                 5000/TCP   28s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/registry   1/1     1            1           27s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/registry-5b4f874b77   1         1         1       27s
```

Now your container registry can be used through `registry.example.com` or the hostname you specified.

## Quick Testing

### Testing with Docker

Add your registry as an insecure registry and restart the Docker daemon.

```bash
sudo tee /etc/docker/daemon.json <
 ------
    \
     \
      \
                    ##        .
              ## ## ##       ==
           ## ## ## ##      ===
       /""""""""""""""""___/ ===
  ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
       \______ o          __/
        \    \        __/
          \____\______/
```

### Digging into the Registry

There is a useful CLI tool called [**reg**](https://github.com/genuinetools/reg) to dig into the container registry.

```bash
# Install reg
sudo curl -fSL https://github.com/genuinetools/reg/releases/download/v0.16.1/reg-linux-amd64 -o /usr/local/bin/reg
sudo chmod +x /usr/local/bin/reg

# List repositories and tags in the container registry
reg ls -k registry.example.com
reg tags -k registry.example.com/reguser/whalesay

# Delete tags on the registry
reg rm -k registry.example.com/reguser/whalesay:latest
```

## (Optional) Use as Private Container Registry for K3s

Optionally, this registry can also be registered as a private container registry for K3s.

### Procedure

To achieve this, create a `registries.yaml` and restart K3s.

```bash
sudo tee /etc/rancher/k3s/registries.yaml <
 ------
    \
     \
      \
                    ##        .
              ## ## ##       ==
           ## ## ## ##      ===
       /""""""""""""""""___/ ===
  ~~~ {~~ ~~~~ ~~~ ~~~~ ~~ ~ /  ===- ~~~
       \______ o          __/
        \    \        __/
          \____\______/
pod "whalesay" deleted
```
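
The `htpasswd -nbB` command in "Prepare required files" produced a `$2y$05$` entry, that is, bcrypt at cost 5. The check below is an added example, not part of the original project: it lints `htpasswd` entries before they go into `registry/configmap.yaml`. The function names and the minimum cost of 10 are assumptions made for this example.

```bash
#!/bin/sh
# Added example: lint htpasswd entries before pasting them into
# registry/configmap.yaml. MIN_COST is an assumed policy value.
MIN_COST="${MIN_COST:-10}"

# check_htpasswd_line 'user:hash'
# Returns 0 = ok, 1 = bcrypt but cost below MIN_COST, 2 = unusable entry.
check_htpasswd_line() {
    line=$1
    user=${line%%:*}
    hash=${line#*:}
    if [ "$user" = "$line" ] || [ -z "$user" ]; then
        echo "malformed entry (expected user:hash)"
        return 2
    fi
    # bcrypt layout: $2a$/$2b$/$2y$, two-digit cost, 53 chars of salt+digest.
    # The registry's htpasswd auth accepts bcrypt entries only.
    if ! printf '%s\n' "$hash" |
        grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
        echo "$user: not a bcrypt hash"
        return 2
    fi
    cost=$(printf '%s\n' "$hash" | cut -d'$' -f3)
    cost=${cost#0}   # "05" -> "5"
    if [ "$cost" -lt "$MIN_COST" ]; then
        echo "$user: bcrypt cost $cost is below the minimum of $MIN_COST"
        return 1
    fi
    echo "$user: ok (bcrypt cost $cost)"
}

# lint_htpasswd: read entries on stdin, return the worst verdict seen.
lint_htpasswd() {
    worst=0
    while IFS= read -r entry; do
        if [ -z "$entry" ]; then continue; fi
        rc=0
        check_htpasswd_line "$entry" || rc=$?
        if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
    done
    return "$worst"
}

# Sample input: the example entry shown on this page (cost 05).
lint_htpasswd <<'EOF' || echo "regenerate the entries flagged above"
reguser:$2y$05$VLMvcWCPF0VUuHi0BXBz7eoXGZ6KRl1gataiqTXz4DdSVIXGloKiq
EOF
```

`htpasswd` accepts `-C <cost>` together with `-B` to set the bcrypt cost (valid range 4 to 17), and `-i` reads the password from stdin instead of the command line.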