This guide will walk you through the steps to setting up
a password protected Docker Registry and Nginx
Ingress controller on your laptop or workstation.
You'll need a Docker client, Minikube, Helm and
Kubernetes client (kubectl).
Requirements
Docker:
Install Docker
Toolbox to get a Docker client used to talk to Minikube's
built-in Docker engine.
Kubectl:
Follow the instructions at Installing
and Setting up kubectl to install kubectl. kubectl is the general
purpose CLI client for inspecting and manipulating a kubernetes cluster.
Minikube:
Install Minikube
Helm:
Install Helm
Run Kubernetes using Minikube
Start Minikube with a generous helping of resources if you run large
work loads. For me that means running 4 cpus, 6 GB of RAM and 100
GB Storage. Another key is to add an insecure registry flag so
docker will push to our registry over plaintext http port 80.
Requests to registry.minikube.st81ess.com will resolve to your
local Minikube ingress address, 192.168.99.100, and
Nginx ingress controller will route the request to a backing
registry service using the hostname provided.
*.minikube.st81ess.com has been setup to resolves to
192.168.99.100. *.minikube.st81ess.com is a flexible wildcard DNS
useful in a typical Minikube environments to route into http/https
Ingress resources within K8S. If you have your own domain, you can create
*.minikube.mydomain.com to do the same. Feel free to do so, we'll
be using registry.minikube.st81ess.com in these examples, which
will point to your local Minikube virtualbox.
Run a local private registry
Add a chart repo and initialize helm. Feel free to checkout my charts repo to view the contents of these charts.
helm init ; kubectl rollout status -w deployment/tiller-deploy--namespace=kube-system
Create a username and password for your registry. In this case,
we'll create a user named admin, but feel free to call it what you
want. Next, add the secret to the cluster.
Start a private local registry deployment that Kubernetes keeps
alive even if the container dies. It's sitting behind an Nginx ingress
controller that provides basic authentication. Basic authentication
is helpful tool when deploying services like a registry over
the public internet. In those cases, we also need to be sure to
use https connection. I often use kube-lego, or Kubernetes Let's
Encrypt for this purpose. In this case, all the traffic is local,
so we'll stick to http. The minikube-registry is a parent chart
that contains Nginx ingress controller, a Docker registry and a
dashboard. The chart doesn't have any resources of its own, it
simply depends on sub-charts that do. We are reusing the building
blocks on the
excellent kubernetes
charts repo.
helm installlakowske/minikube-registry
To import the Docker environment into your current shell.
Now run a deployment in Kubernetes using the image located on your
local registry.
kubectl run hello-node --image=registry.minikube.st81ess.com:80/hello-node--port=8888
Conclusion
You should now have a deployment of your image, in my case hello-node, running using your
private local registry, Kubernetes and Docker. You can verify by
running