Kubernetes with private docker registry v2
Solved this issue: the master server by default doesn't launch your deployments. So I needed to do the following on my slave servers:
- Add the certificate to `/etc/docker/certs.d/my-registry-domain.com[:port]/ca.crt`
- Do `docker login my-registry-domain.com[:port]`
- Add the docker registry secret to Kubernetes (see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) with `--docker-server=docker-registry-domain.com/v2/` (or v1, depending on what you run)
- Now it will successfully pull images from the docker registry.
Hope it will help someone.
Secure registry

Registry server side (http://tech.paulcz.net/2016/01/deploying-a-secure-docker-registry/)

1. Create the directories:

```
mkdir -p /opt/registry/{data,ssl,config}
```

2. Generate the certificates:

```
docker run --rm \
  -v /opt/registry/ssl:/certs \
  -e SSL_IP=172.17.8.101 \
  -e SSL_DNS=registry.local \
  paulczar/omgwtfssl
```

3. Create /opt/registry/config/registry.env:

```
# location of registry data
REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY=/opt/registry/data
# location of TLS key/cert
REGISTRY_HTTP_TLS_KEY=/opt/registry/ssl/key.pem
REGISTRY_HTTP_TLS_CERTIFICATE=/opt/registry/ssl/cert.pem
# location of CA of trusted clients
REGISTRY_HTTP_TLS_CLIENTCAS_0=/opt/registry/ssl/ca.pem
```

4. Start the registry:

```
docker run -d --name registry \
  -v /opt/registry:/opt/registry \
  -p 443:5000 --restart always \
  --env-file /opt/registry/config/registry.env \
  registry:2
```

5. Pull, tag and push a test image:

```
$ docker pull alpine
Using default tag: latest
latest: Pulling from library/alpine
Digest: sha256:78a756d480bcbc35db6dcc05b08228a39b32c2b2c7e02336a2dcaa196547a41d
Status: Downloaded newer image for alpine:latest
$ docker tag alpine 127.0.0.1/alpine
$ docker push 127.0.0.1/alpine
```

Registry client side

6. Copy the CA certificate (do this on every node):

```
$ sudo mkdir -p /etc/docker/certs.d/172.17.8.101
$ sudo scp core@172.17.8.101:/opt/docker/registry/ca.pem \
    /etc/docker/certs.d/172.17.8.101/ca.crt
```

7. Pull the image from the registry:

```
$ docker pull 172.17.8.101/alpine
Using default tag: latest
latest: Pulling from alpine
340b2f9a2643: Already exists
Digest: sha256:a96155be113bb2b4b82ebbc11cf1b511726c5b41617a70e0772f8180afc72fa5
Status: Downloaded newer image for 172.17.8.101/alpine:latest
```

```
mkdir 35.187.233.182
cd 35.187.233.182/
rsync -avz 35.185.179.71:/opt/registry/ssl/ca.pem .
mv ca.pem ca.crt
docker run --rm -v /opt/registry/ssl:/certs -e SSL_IP=35.185.179.71 -e SSL_DNS=registry.local paulczar/omgwtfssl
docker run -d --name registry3 -v /opt/registry:/opt/registry -p 443:5000 --restart always --env-file /opt/registry/config/registry.env registry:2
```
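A per-node preflight for the steps in both answers above, as an added example that is not part of either post: it checks that the registry CA sits where Docker looks for it, and builds the JSON that the Kubernetes registry secret carries. The function names, the `CERTS_ROOT` override and the sample registry name and credentials used with it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and CERTS_ROOT are hypothetical helpers.

# Directory Docker reads CA roots from for a registry given as host or host:port.
# CERTS_ROOT is overridable so the check can be exercised outside /etc/docker.
registry_certs_dir() {
    printf '%s/%s\n' "${CERTS_ROOT:-/etc/docker/certs.d}" "$1"
}

# Docker loads only *.crt files in that directory as CA roots, so a CA left
# as ca.pem, or stored under a directory name that omits the port, is ignored.
check_registry_ca() {
    dir=$(registry_certs_dir "$1")
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir"; return 1
    fi
    if [ ! -f "$dir/ca.crt" ]; then
        echo "no ca.crt in $dir"; return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$dir/ca.crt"; then
        echo "$dir/ca.crt is not PEM"; return 3
    fi
    echo "ok: $dir/ca.crt"
}

# JSON stored under the .dockerconfigjson key of a docker-registry secret;
# "auth" is base64 of user:password. Assumes the values contain no quotes
# or backslashes (no JSON escaping is done here).
dockerconfigjson() {
    server=$1 user=$2 pass=$3
    auth=$(printf '%s:%s' "$user" "$pass" | base64 | tr -d '\n')
    printf '{"auths":{"%s":{"username":"%s","password":"%s","auth":"%s"}}}\n' \
        "$server" "$user" "$pass" "$auth"
}
```

The server string passed to `dockerconfigjson` has to match the registry name used in the pod's image reference, otherwise the kubelet does not select these credentials for the pull.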