Private Minikube Docker Registry using Helm

Posted by: Seth Lakowske

Published: 2017-12-08

This guide will walk you through the steps to setting up a password protected Docker Registry and Nginx Ingress controller on your laptop or workstation. You'll need a Docker client, Minikube, Helm and Kubernetes client (kubectl).

Requirements

Docker: Install Docker Toolbox to get a Docker client used to talk to Minikube's built-in Docker engine.
Kubectl: Follow the instructions at Installing and Setting up kubectl to install kubectl. kubectl is the general purpose CLI client for inspecting and manipulating a kubernetes cluster.
Minikube: Install Minikube
Helm: Install Helm

Run Kubernetes using Minikube

Start Minikube with a generous helping of resources if you run large work loads. For me that means running 4 cpus, 6 GB of RAM and 100 GB Storage. Another key is to add an insecure registry flag so docker will push to our registry over plaintext http port 80.

minikube start --cpus 4 --disk-size 100g --memory 6000 --insecure-registry registry.minikube.st81ess.com:80

Requests to registry.minikube.st81ess.com will resolve to your local Minikube ingress address, 192.168.99.100, and Nginx ingress controller will route the request to a backing registry service using the hostname provided.

*.minikube.st81ess.com has been setup to resolves to 192.168.99.100. *.minikube.st81ess.com is a flexible wildcard DNS useful in a typical Minikube environments to route into http/https Ingress resources within K8S. If you have your own domain, you can create *.minikube.mydomain.com to do the same. Feel free to do so, we'll be using registry.minikube.st81ess.com in these examples, which will point to your local Minikube virtualbox.

Run a local private registry

Add a chart repo and initialize helm. Feel free to checkout my charts repo to view the contents of these charts.

helm repo add lakowske https://lakowske.github.io/charts
#After adding the repo, update your index.
helm repo update
helm init ; kubectl rollout status -w deployment/tiller-deploy --namespace=kube-system

Create a username and password for your registry. In this case, we'll create a user named admin, but feel free to call it what you want. Next, add the secret to the cluster.

htpasswd -c auth admin
kubectl create secret generic registry-auth --from-file=auth

Start a private local registry deployment that Kubernetes keeps alive even if the container dies. It's sitting behind an Nginx ingress controller that provides basic authentication. Basic authentication is helpful tool when deploying services like a registry over the public internet. In those cases, we also need to be sure to use https connection. I often use kube-lego, or Kubernetes Let's Encrypt for this purpose. In this case, all the traffic is local, so we'll stick to http. The minikube-registry is a parent chart that contains Nginx ingress controller, a Docker registry and a dashboard. The chart doesn't have any resources of its own, it simply depends on sub-charts that do. We are reusing the building blocks on the excellent kubernetes charts repo.

helm install lakowske/minikube-registry

To import the Docker environment into your current shell.

eval $(minikube docker-env)

Build an image and tag it.

git clone https://bitbucket.org/seth_lakowske/hello-node.git
cd hello-node
docker build -t hello-node .
docker tag hello-node registry.minikube.st81ess.com:80/hello-node

Push the image to your local registry.

docker push registry.minikube.st81ess.com:80/hello-node

Now run a deployment in Kubernetes using the image located on your local registry.

kubectl run hello-node --image=registry.minikube.st81ess.com:80/hello-node --port=8888

Conclusion

You should now have a deployment of your image, in my case hello-node, running using your private local registry, Kubernetes and Docker. You can verify by running

kubectl get deployments

- or -
http://dashboard.minikube.st81ess.com and view your deployments.