In today’s era of containerization, no matter which container runtime we use, we need an image to run a container. Docker images are stored in container registries such as Docker Hub (cloud), Google Container Registry (GCR), AWS ECR, quay.io, etc.
We can also self-host a Docker registry on any Docker platform. In this blog post, we will see how to deploy a Docker registry on Kubernetes using the S3 storage driver.
Prerequisite: access to a working Kubernetes cluster.
As per the Docker registry documentation, we can simply start the registry using the Docker image.
Basic parameters when deploying a production registry are:
We will use htpasswd authentication for this post, though the registry image supports silly and token-based authentication as well.
Docker registry requires applications to use an SSL certificate and key in the registry. We will use a Kubernetes service, which terminates SSL at the ELB level using annotations.
For registry storage, we can use filesystem, s3, azure, swift, etc. For the complete list of options, please visit the Docker site.
We need to store the Docker images pushed to the registry. We will use S3 to store these images.
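The registry's htpasswd authentication accepts only bcrypt entries, so a credentials file is worth checking before it is loaded into the cluster. The following is an added example, not code from the original post; the `lint_htpasswd` helper, the minimum-cost policy and the sample entries are assumptions made for illustration.

```python
import re

# Shape of a bcrypt hash as written by `htpasswd -B`: $2y$<cost>$<53 chars>
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
MIN_COST = 10  # assumption: local policy floor, not a registry requirement


def lint_htpasswd(text, min_cost=MIN_COST):
    """Return a list of (line_number, user, problem) for an htpasswd file."""
    findings = []
    seen = set()
    for n, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no credentials
        user, sep, digest = line.partition(":")
        if not sep or not user or not digest:
            findings.append((n, user, "malformed entry (expected user:hash)"))
            continue
        if user in seen:
            findings.append((n, user, "duplicate user"))
        seen.add(user)
        m = BCRYPT_RE.match(digest)
        if m is None:
            # MD5 ($apr1$), {SHA}, crypt and plaintext entries land here
            findings.append((n, user, "not bcrypt; create with htpasswd -B"))
        elif int(m.group(1)) < min_cost:
            findings.append((n, user, f"bcrypt cost {int(m.group(1))} below {min_cost}"))
    return findings


# Constructed sample file (hash bodies are filler, not real credentials).
SAMPLE = "\n".join([
    "admin:$2y$12$" + "A" * 53,
    "ci:$apr1$abcdefgh$" + "B" * 22,
    "legacy:{SHA}" + "C" * 27 + "=",
    "dev:$2y$05$" + "D" * 53,
    "broken-line-without-colon",
])

if __name__ == "__main__":
    for line_no, user, problem in lint_htpasswd(SAMPLE):
        print(f"line {line_no}: {user}: {problem}")
```

An empty result means every entry has the bcrypt shape the registry expects and meets the chosen cost floor.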
Steps for deploying the registry on Kubernetes:
ARN of the SSL certificate to be used for SSL.
If you don’t have the SSL certificate on AWS IAM, upload it using the following command.
$ aws iam upload-server-certificate --server-certificate-name registry --certificate-body file://registry.crt --private-key file://key.pem
Get the ARN for the certificate using the command.
$ aws iam get-server-certificate --server-certificate-name registry | grep Arn
Create an S3 bucket, which will be used to store Docker images, using s3cmd or aws s3.
$ s3cmd mb s3://myregistry
Bucket 's3://myregistry/' created
Create a separate namespace, configmap, deployment and service for the registry using the following templates.
Let’s launch this manifest using
Now that we have created the registry, we should map DNS to the web service ELB endpoint. We can get the web service ELB endpoint using the following command.
We will point DNS to this ELB endpoint with the domain registry.myapp.com.
Once we have the registry running, it’s time to push an image to it.
First, pull the image or build the image locally to push.
On the local machine, run the following commands:
Now log in to our registry using the following commands.
Now tag the image to point it to our registry using the docker tag command.
$ sudo docker tag busybox registry.myapp.com/my-app:latest
Once the image is tagged, we are good to push.
Let’s push the image using the docker push command.
We are successfully able to push the image to the registry running on Kubernetes and stored on S3. Let’s verify that it exists on S3.
Navigate to our S3 bucket and we can see that the Docker registry repository busybox has been created.
$ s3cmd ls s3://myregistry/docker/registry/v2/repositories/
DIR s3://myregistry/docker/registry/v2/repositories/busybox/
All our image-related files are stored on S3.
In this way, we self-host a container registry on Kubernetes backed by S3 storage.