Kaptain.

No. 10420, in section Sysadmin, December 4th, 2019
Filed under: DigitalOcean, Docker, Kubernetes
Prepare a ConfigMap with the auth information. Use the command htpasswd -Bbn vlad 123 to create a login and password for each user. There is no need to restart the registry pods to apply changes. You may prefer to store it in a Secret resource instead; that is your choice.
Example:
---
apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: registry-auth
data:
  htpasswd: |
    vlad:$2y$05$anFCx3pAPG/BNxPsEKcau.LPKjWFN7hHkoXbvIMp7Jie97uYafuSq
Now create the bucket my-own-registry in Spaces, along with an access key ID and secret key. Do not forget to set http_secret and nodeSelector. http_secret is required if you want multiple pods.
Example:
---
# extensions/v1beta1 Deployments were removed in Kubernetes 1.16; newer clusters
# need apiVersion: apps/v1 plus a spec.selector matching the pod labels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry
spec:
  replicas: 2
  template:
    metadata:
      labels:
        name: registry
    spec:
      containers:
      - name: registry
        image: registry:2
        ports:
        - name: registry
          containerPort: 5000
        volumeMounts:
        # htpasswd file from the registry-auth ConfigMap
        - mountPath: /auth
          name: auth
        env:
        - name: REGISTRY_STORAGE_DELETE_ENABLED
          value: "true"
        - name: REGISTRY_HEALTH_STORAGEDRIVER_ENABLED
          value: "false"
        - name: REGISTRY_AUTH
          value: "htpasswd"
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Registry Realm"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/htpasswd
        - name: REGISTRY_STORAGE
          value: "s3"
        # Spaces access key id and secret key
        - name: REGISTRY_STORAGE_S3_ACCESSKEY
          value: "TVV3WXZ233MEPEBXFP7X"
        - name: REGISTRY_STORAGE_S3_SECRETKEY
          value: "ERlofd+hb9Ps1oBR5jUJuPa9NIMRSLxvUyulKJnt8S0"
        - name: REGISTRY_STORAGE_S3_BUCKET
          value: "my-own-registry"
        - name: REGISTRY_STORAGE_S3_REGION
          value: "fra1"
        - name: REGISTRY_STORAGE_S3_REGIONENDPOINT
          value: "https://fra1.digitaloceanspaces.com"
        - name: REGISTRY_LOG_LEVEL
          value: "info"
        - name: REGISTRY_HTTP_ADDR
          value: "0.0.0.0:5000"
        # required when running more than one pod
        - name: REGISTRY_HTTP_SECRET
          value: sexy_pony
        resources:
          limits:
            cpu: 100m
            memory: 200Mi
          requests:
            cpu: 50m
            memory: 50Mi
      volumes:
      - name: auth
        configMap:
          name: registry-auth
      nodeSelector:
        doks.digitalocean.com/node-pool: infra
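The post leaves the ConfigMap-versus-Secret choice open and puts the Spaces keys and http_secret inline in the Deployment. The following is an added example, not part of the original post, showing the same values supplied from Secret resources; the Secret names, key names and REPLACE_... placeholders are assumptions.

```yaml
# Added example. Secret names, key names and REPLACE_... values are assumptions.
---
apiVersion: v1
kind: Secret
metadata:
  name: registry-htpasswd        # hypothetical; takes the place of the registry-auth ConfigMap
type: Opaque
stringData:
  htpasswd: |
    REPLACE_WITH_HTPASSWD_LINE
---
apiVersion: v1
kind: Secret
metadata:
  name: registry-s3              # hypothetical
type: Opaque
stringData:
  accesskey: REPLACE_WITH_SPACES_ACCESS_KEY
  secretkey: REPLACE_WITH_SPACES_SECRET_KEY
  httpsecret: REPLACE_WITH_LONG_RANDOM_STRING   # identical for all replicas
---
# Excerpt of the registry Deployment: only the fields that change.
spec:
  template:
    spec:
      containers:
      - name: registry
        env:
        - name: REGISTRY_STORAGE_S3_ACCESSKEY
          valueFrom:
            secretKeyRef: {name: registry-s3, key: accesskey}
        - name: REGISTRY_STORAGE_S3_SECRETKEY
          valueFrom:
            secretKeyRef: {name: registry-s3, key: secretkey}
        - name: REGISTRY_HTTP_SECRET
          valueFrom:
            secretKeyRef: {name: registry-s3, key: httpsecret}
        volumeMounts:
        - mountPath: /auth
          name: auth
          readOnly: true
      volumes:
      - name: auth
        secret:
          secretName: registry-htpasswd   # still appears as /auth/htpasswd
```

Running htpasswd -Bn USER without -b prompts for the password instead of taking it as a command-line argument, which keeps it out of shell history when producing the htpasswd line.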
The last step exposes the registry. Set the limit for image size in proxy-body-size; the value 0 means no limit.
Example:
---
apiVersion: v1
kind: Service
metadata:
  name: registry
  labels:
    name: registry
spec:
  ports:
  - port: 80
    targetPort: registry
    protocol: TCP
    name: registry
  selector:
    name: registry
  type: ClusterIP
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters
# use networking.k8s.io/v1, which has a different backend syntax.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/ingress.class: nginx
    # "0" disables the request body size limit
    nginx.ingress.kubernetes.io/proxy-body-size: "0"
  name: registry
spec:
  rules:
  - host: registry.k8s.blindage.org
    http:
      paths:
      - backend:
          serviceName: registry
          servicePort: registry
        path: /
  tls:
  - hosts:
    - k8s.blindage.org
    - '*.k8s.blindage.org'
    secretName: k8s-blindage-tls
Problems:
time="2019-12-14T22:03:19.448702167Z" level=info msg="PurgeUploads starting: olderThan=2019-12-07 22:03:19.439373039 +0000 UTC m=-601559.638413974, actuallyDelete=true"
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xc4e6bd]
It's a bug.