Run a Private Docker Registry with Let's Encrypt

Posted by: Seth Lakowske

This guide walks you through setting up an environment to run Docker Registry, Nginx Ingress and kube-lego (Let's Encrypt) on GKE (Google Kubernetes Engine). You'll need to install Docker, Helm and the Kubernetes client (kubectl).

Requirements

Transition from staging to production

Be sure to clear out your old secrets from the namespace; otherwise kube-lego will reuse the old certificates rather than request new ones. This reuse is normally helpful because it keeps you from hitting the certificate request rate limit, but in this case we do want to request new certificates.

Run a local private registry

Start a private local registry that Kubernetes always restarts if the container dies.
minikube addons enable registry
Turn on the ingress controller.
minikube addons enable ingress
Add a chart repo.
helm repo add lakowske https://lakowske.github.io/charts
# After adding the repo, update your index.
helm repo update
If you haven't already done so, initialize Helm and wait for Tiller.
helm init ; kubectl rollout status -w deployment/tiller-deploy --namespace=kube-system
Install the dashboard ingress chart to expose the dashboard on http://dashboard.minikube.st81ess.com
helm install --namespace kube-system lakowske/minikube-dashboard-ingress
Install a registry ingress chart to expose the registry on http://registry.minikube.st81ess.com
helm install --namespace kube-system lakowske/minikube-dashboard-ingress --set ingress.host=registry.minikube.st81ess.com --set service.name=registry
Edit the nginx ingress config map, nginx-load-balancer-conf, and set proxy-body-size to 0 in its data section. This way you'll be able to upload large layers to the registry.
kubectl edit configmap --namespace kube-system nginx-load-balancer-conf
Import the Docker environment into your current shell.
eval $(minikube docker-env)
Build an image and tag it.
git clone https://bitbucket.org/seth_lakowske/hello-node.git
cd hello-node
docker build -t hello-node .
docker tag hello-node registry.minikube.st81ess.com:80/hello-node
Push the image to your local registry.
docker push registry.minikube.st81ess.com:80/hello-node
Now run a deployment in Kubernetes using the image located on your local registry.
kubectl run hello-node --image=registry.minikube.st81ess.com:80/hello-node --port=8888

Conclusion

You should now have a deployment of your image (hello-node, in my case) running from your private local registry with Kubernetes and Docker. You can verify by running

kubectl get deployments
- or -
by opening http://dashboard.minikube.st81ess.com and viewing your deployments.
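
Listing deployments confirms the deployment exists, not that the pod is running the image you pushed. The script below is an added example, not part of the original post: it compares the manifest digest the registry reports with the digest of the image the pod pulled. It assumes the `latest` tag, a Docker schema 2 manifest, the `run=hello-node` label that `kubectl run` applied in this era, and the hypothetical function names shown.

```shell
#!/bin/sh
# Added example: compare the digest in the registry with the one the pod runs.
REGISTRY="registry.minikube.st81ess.com:80"  # host:port from the steps above
IMAGE="hello-node"
TAG="latest"          # assumption: the untagged push above defaults to latest
SELECTOR="run=$IMAGE" # assumption: label set by this era's `kubectl run`

# Pull the first sha256 digest out of any string that contains one.
extract_digest() {
    printf '%s\n' "$1" | grep -o 'sha256:[0-9a-f]\{64\}' | head -n 1
}

# Manifest digest the registry reports (Registry HTTP API v2, HEAD request).
registry_digest() {
    headers=$(curl -fsS -I \
        -H 'Accept: application/vnd.docker.distribution.manifest.v2+json' \
        "http://$REGISTRY/v2/$IMAGE/manifests/$TAG") || return 1
    extract_digest "$(printf '%s\n' "$headers" | grep -i '^docker-content-digest:')"
}

# Digest of the image the first matching pod actually pulled.
running_digest() {
    image_id=$(kubectl get pods -l "$SELECTOR" \
        -o jsonpath='{.items[0].status.containerStatuses[0].imageID}') || return 1
    extract_digest "$image_id"
}

# Exit 0 on match, 1 on mismatch or missing digest, 2 if a query failed.
verify_deployment() {
    pushed=$(registry_digest) || { echo "cannot query registry" >&2; return 2; }
    running=$(running_digest) || { echo "cannot query pod" >&2; return 2; }
    if [ -n "$pushed" ] && [ "$pushed" = "$running" ]; then
        echo "OK: pod runs $pushed"
    else
        echo "MISMATCH: registry=${pushed:-none} pod=${running:-none}" >&2
        return 1
    fi
}
```

Source the file in a shell where kubectl points at the cluster, then run verify_deployment.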