Unable to deploy a local registry with TLS in a k8s cluster

Time: 2018-11-12 03:13:48

Tags: ssl kubernetes docker-registry

I followed the guide at https://www.nearform.com/blog/how-to-run-a-public-docker-registry-in-kubernetes/ and deployed a private registry with TLS, but I fail the tests. I am confused; is there any advice or guidance?

Issuer definition:

    [root@qmtjj-01 ~]# cat issuer.yaml
    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Issuer
    metadata:
      name: acme-issuer
    spec:
      acme:
        email: gw5588975@gmail.com
        server: https://acme-v02.api.letsencrypt.org/directory
        privateKeySecretRef:
          name: acme-issuer-account-key
        http01: {}

Service definition:

    [root@qmtjj-01 ~]# cat service_Docker_Registry.yaml
    apiVersion: v1
    kind: Service
    metadata:
      name: docker-registry
    spec:
      type: ClusterIP
      ports:
        - name: http
          protocol: TCP
          port: 5000
          targetPort: 5000
      selector:
        name: docker-registry

Authentication definition:

    [root@qmtjj-01 ~]# cat htpasswd.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: docker-registry
    type: Opaque
    data:
      HTPASSWD: YWRtaW46JDJ5JDA1JHRGdFo3UWJEQ0lIZDVEWHhKWl

Ingress definition:

    [root@qmtjj-01 ~]# cat ingress_docker_registry.yaml
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: docker-registry
      annotations:
        kubernetes.io/ingress.class: nginx
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        certmanager.k8s.io/issuer: acme-issuer
    spec:
      tls:
      - hosts:
        - registry.mydomain.com
        secretName: docker-registry-tls-certificate
      rules:
      - host: registry.mydomain.com
        http:
          paths:
          - backend:
              serviceName: docker-registry
              servicePort: 5000
    status:
      loadBalancer:
        ingress:
        - {}

Pod definition:

    [root@qmtjj-01 ~]# cat Docker_Registry_Pod_definition.yaml
    apiVersion: v1
    kind: Pod
    metadata:
      name: docker-registry
      labels:
        name: docker-registry
    spec:
      volumes:
        - name: config
          configMap:
            name: docker-registry
            items:
              - key: registry-config.yml
                path: config.yml
        - name: htpasswd
          secret:
            secretName: docker-registry
            items:
            - key: HTPASSWD
              path: htpasswd
        - name: storage
          emptyDir: {}
      containers:
        - name: docker-registry
          image: registry:2.6.2
          imagePullPolicy: IfNotPresent
          ports:
            - name: http
              containerPort: 5000
              protocol: TCP
          volumeMounts:
            - name: config
              mountPath: /etc/docker/registry
              readOnly: true
            - name: htpasswd
              mountPath: /auth
              readOnly: true
            - name: storage
              mountPath: /var/lib/registry


ConfigMap definition:

    [root@qmtjj-01 ~]# cat Configuration_Docker_Registry.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: docker-registry
    data:
      registry-config.yml: |
        version: 0.1
        log:
          fields:
            service: registry
        storage:
          cache:
            blobdescriptor: inmemory
          filesystem:
            rootdirectory: /var/lib/registry
        http:
          addr: :5000
          headers:
            X-Content-Type-Options: [nosniff]
        auth:
          htpasswd:
            realm: basic-realm
            path: /auth/htpasswd
        health:
          storagedriver:
            enabled: true
            interval: 10s
            threshold: 3


Certificate definition:

    [root@qmtjj-01 ~]# cat registry.mydomain.com
    apiVersion: certmanager.k8s.io/v1alpha1
    kind: Certificate
    metadata:
      name: docker-registry
    spec:
      secretName: docker-registry-tls-certificate
      issuerRef:
        name: acme-issuer
      dnsNames:
      - registry.mydomain.com
      acme:
        config:
        - http01:
            ingressClass: nginx
          domains:
          - registry.mydomain.com


Running state:

    [root@qmtjj-01 ~]# kubectl get pod
    NAME                                                      READY   STATUS    RESTARTS   AGE
    busybox-bd8fb7cbd-wgvzj                                   1/1     Running   599        25d
    docker-registry                                           1/1     Running   0          2d20h
    my-nginx-nginx-ingress-controller-565bc9555b-bqfr7        1/1     Running   0          20d
    my-nginx-nginx-ingress-default-backend-5bcb65f5f4-6ldk6   1/1     Running   2          20d
    nginx-cdd8d77b-m7c5q                                      1/1     Running   0          14d
    [root@qmtjj-01 ~]# kubectl get svc
    NAME                                     TYPE           CLUSTER-IP    EXTERNAL-IP    PORT(S)                      AGE
    docker-registry                          LoadBalancer   10.32.0.112   172.24.1.173   5000:32249/TCP               2d20h
    kubernetes                               ClusterIP      10.32.0.1     <none>         443/TCP                      42d
    my-nginx-nginx-ingress-controller        LoadBalancer   10.32.0.209   172.24.1.171   80:30480/TCP,443:30571/TCP   20d
    my-nginx-nginx-ingress-default-backend   ClusterIP      10.32.0.30    <none>         80/TCP                       20d
    nginx                                    LoadBalancer   10.32.0.180   172.24.1.172   80:30032/TCP                 14d
    [root@qmtjj-01 ~]# kubectl get ingre
    error: the server doesn't have a resource type "ingre"
    [root@qmtjj-01 ~]# kubectl get ingress
    NAME              HOSTS                                                  ADDRESS   PORTS     AGE
    docker-registry   registry.mydomain.com                                            80, 443   2d18h
    test-ingress      ingress1.stcn.com,ingress2.stcn.com,ingress.mydomain.com         80        19d
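The manifests above wire together three things that each fail differently: TLS termination at the nginx ingress (cert-manager's `docker-registry-tls-certificate`), host-based routing to the `docker-registry` Service on port 5000, and `registry:2`'s htpasswd auth with `realm: basic-realm`. A quick way to tell which layer is broken is to request `GET /v2/` through the ingress: anonymously the registry must answer `401` with `WWW-Authenticate: Basic realm="basic-realm"` and a `Docker-Distribution-API-Version: registry/2.0` header; with the htpasswd credentials it must answer `200`; a `404` usually means the request landed on the ingress default backend (host rule not matched), and a `502`/`503` means the ingress could not reach the Service. The probe below, added here as an example and not code from the question or the nearform guide, performs that check with the standard library and lets `ssl.create_default_context` verify the Let's Encrypt chain and hostname. The mock registry, the `admin`/`s3cret` credential and the plain-HTTP loopback run in `__main__` are constructed so the script runs offline; against the real cluster you would call `probe_registry("registry.mydomain.com", 443, "admin", "<password>")`.

```python
"""Probe a registry's /v2/ endpoint for the TLS + htpasswd behaviour the
manifests above are meant to produce.  Added example: not code from the
question or the nearform guide."""
import base64
import http.client
import ssl
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def basic_auth_header(user, password):
    """RFC 7617 Basic credential; registry:2's htpasswd auth accepts nothing else."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return {"Authorization": "Basic " + token}


def classify_v2(status, www_authenticate):
    """Map the result of GET /v2/ to what it says about the deployment."""
    if status == 200:
        return "ok"                    # TLS, ingress routing and credentials all work
    if status == 401:
        if www_authenticate and www_authenticate.lower().startswith("basic "):
            return "auth-required"     # registry reached; htpasswd challenge as expected
        return "unexpected-challenge"  # something other than the htpasswd realm answered
    if status == 404:
        return "not-routed"            # typically the ingress default backend (host rule miss)
    if status in (502, 503, 504):
        return "backend-down"          # ingress could not reach the docker-registry Service
    return f"http-{status}"


def probe_registry(host, port=443, user=None, password=None, cafile=None,
                   use_tls=True, timeout=5.0):
    """GET /v2/ and return a diagnosis dict; over TLS also records the cert issuer."""
    headers = basic_auth_header(user, password) if user is not None else {}
    if use_tls:
        ctx = ssl.create_default_context(cafile=cafile)   # verifies chain and hostname
        conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=timeout)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    result = {}
    try:
        conn.connect()
        if use_tls:   # read the peer cert before the response can close the socket
            issuer = conn.sock.getpeercert()["issuer"]
            result["issuer"] = dict(rdn[0] for rdn in issuer)
        conn.request("GET", "/v2/", headers=headers)
        resp = conn.getresponse()
        resp.read()
        result["status"] = resp.status
        result["www_authenticate"] = resp.getheader("WWW-Authenticate")
        result["api_version"] = resp.getheader("Docker-Distribution-API-Version")
    finally:
        conn.close()
    result["diagnosis"] = classify_v2(result["status"], result["www_authenticate"])
    return result


class _MockRegistry(BaseHTTPRequestHandler):
    """Constructed stand-in for registry:2 behind htpasswd auth, so the probe
    can be exercised offline.  The admin/s3cret credential is made up."""
    expected = basic_auth_header("admin", "s3cret")["Authorization"]

    def do_GET(self):
        if self.path != "/v2/":
            self.send_response(404)
            self.end_headers()
            return
        if self.headers.get("Authorization") != self.expected:
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Basic realm="basic-realm"')
            self.send_header("Docker-Distribution-API-Version", "registry/2.0")
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("Docker-Distribution-API-Version", "registry/2.0")
        self.send_header("Content-Length", "2")
        self.end_headers()
        self.wfile.write(b"{}")

    def log_message(self, *args):
        pass  # keep the demo quiet


def start_mock_registry():
    """Serve the mock on 127.0.0.1 over plain HTTP; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _MockRegistry)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_mock_registry()
    try:
        print(probe_registry("127.0.0.1", port, use_tls=False))
        print(probe_registry("127.0.0.1", port, "admin", "s3cret", use_tls=False))
    finally:
        server.shutdown()
```

Run against the real host, a `diagnosis` of `auth-required` without credentials followed by `ok` with them means TLS, routing and htpasswd are all working and a failing `docker login` is a client-side trust or credential problem; `not-routed` or `backend-down` points at the Ingress rule or the Service selector rather than at TLS, and an `ssl.SSLCertVerificationError` from the probe means the served certificate is not the cert-manager one (for example the ingress controller's self-signed fallback).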

0 answers:

No answers