registry 容器化部署

單例方式

[root@ registy-k8s-deploy]# cat docker-registry-internal.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-config-internal
  namespace: kube-system
data:
  config.yml: |+
    version: 0.1
    log:
      level: debug
      fields:
        service: registry
    storage:
        cache:
            layerinfo: inmemory
            blobdescriptor: inmemory
        filesystem:
            rootdirectory: /var/lib/registry
        maintenance:
            uploadpurging:
                enabled: false
        delete:
            enabled: true
    http:
        addr: :80
        secret: placeholder
        host: https://hub.cloud.pub
        debug:
            addr: :5001
        #如果有vip的話，tls加密放在vip的nginx端，如果沒有則打開下面的tls註釋並掛載包含domain.crt和domain.key的hub.cloud.pub目錄至容器內
        tls:
            certificate: /etc/registry/domain.crt
            key: /etc/registry/domain.key

---
apiVersion: v1
kind: ConfigMap
data:
  domain.crt: "-----BEGIN CERTIFICATE-----\r\nMIIFhzCCA2+gAwIBAgIJAILSreXM0r8hMA0GCSqGSIb3DQEBCwUAMFoxCzAJBgNV\r\nBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQg\r\nQ29tcGFueSBMdGQxFjAUBgNVBAMMDWh1Yi5jbG91ZC5wdWIwHhcNMTcxMTA4MDc1\r\nNjA0WhcNMjcxMTA2MDc1NjA0WjBaMQswCQYDVQQGEwJYWDEVMBMGA1UEBwwMRGVm\r\nYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENvbXBhbnkgTHRkMRYwFAYDVQQD\r\nDA1odWIuY2xvdWQucHViMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA\r\nwZqcDfVmHH4SNcHxEsWQV0wSONpe6pSM6/cBYhErLJe8fVXH8DM/YlgNO0bHyb5O\r\nRlYLESGSUIe4K27AIVWuD/N9vHXVyWkv0/EeTuW8qP7yA8FHLvygDvMl6rkhe6h8\r\nwst1Zd6Al4PaFFs5M/P/+RwlydkNBBtcSbzoJAVkUIpiogVJ/vE70v/kVit3dTi2\r\nZ243JE/bvEFZSX0NeMQP4n5znTYO8OAYqpHlGSxZMz+FimannVlyxqYzUV/0ZmoZ\r\n1n96247/vFlMGduNGa1nGmfWZMNUy5D/1Oad+JY4ucGAaHLde/uFOrENvt5xZU75\r\nO1L+eWrLA4h43ddHR8UiOwAJH5vZlx5zIiOARiAkHN9lHj6SPAIz10hb6C2qqhMh\r\njz8uf2OIm9ESO3yB86JX2p+DLf8mR66sPYV5J+fXMh7pePU3FXCHMIw7Bwr6q4Dn\r\nLvrDpLBA3eBCETdRHu8xaTS5QfsmaTQkgJmE99DRuT+SWkUvMcQFmJti3m3HyB+X\r\nmD+vOD/QFKdzPDwX+8r493ARKbLu5Cbh/uIuCRk43nZhYFI0/FhonbMpkhgbpFzn\r\nWs4xh2T7DfTC8krWr6GT1efcsD7Gc0HEX7xz5b2IkdQ2TT0oiTJ+1Fo+zNDDZVCW\r\nHj3ihv8kW1J8iFJgkplbqp5ARf4HtwQCJeZFhuaaFY0CAwEAAaNQME4wHQYDVR0O\r\nBBYEFP+szb509E4cH8H2RRoh4eNMwl15MB8GA1UdIwQYMBaAFP+szb509E4cH8H2\r\nRRoh4eNMwl15MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAExI5ek8\r\n5VWZG7JbrXFRSCxfynj7OH6ZZOEZUZtVDv9RURUbKzSb6cqcm+/0bnhTtk1dVRRc\r\niXLwls7rLVGEGQjswVNFbX064bp+IJL31q3Ga2VAYUMnd+Fq7Ggp4wNuWN2Ke1rc\r\nlWr8ViKwKWAxnrQmuDQAmDgEch3I0509gkcZElRSoh/pfTjN97GeTkkQyQsB94Ni\r\nrDhv/lFxDB9Tt2IbmR/ihlBcaxBCUHx1GUBQNUKKQFnCYUtGYS0pCrZUJnpGwmYr\r\nTgCOgRWjq/ZWxSDeP2WLaJpVl96ZS+rnCO74XYKBtA487trzmLPzj1TFTbYS1rjl\r\nlYmOoGlVd7v7V8/E12DcXGVjCKRrGguhbHfNSna9mOieol7f8HQCJk59p47OS3k/\r\nqbYWmfU8Hauvgm6jRWXsR9UMGqo/8zadxhdLOKvyHSo9aM/1DiF29mxS+/1poB9H\r\nk9PbRQy3aIAE+/kuIOjezGh/p45qrSfN0bYwtoA8ahqG4VcxMbYyg7+99F+Lo96V\r\nKpsoFY6C1VLsIlY6GA59BFA8AjUPeDvsICdlyWgkPYXKFo81s5+101J4ZjBGIGjo\r\n+pRx7+WEpXV7Js2a5/Qs2QQ4SG37SeYBaRfFAJLpe5Q0pkVIPJNwjHrDgONP61Si\r\nqMRrW2+TWgALHKl2tCS1PdrQpxOHlJ1L8Wrz\r\n-----END
    CERTIFICATE-----"
  domain.key: "-----BEGIN PRIVATE KEY-----\r\nMIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDBmpwN9WYcfhI1\r\nwfESxZBXTBI42l7qlIzr9wFiESssl7x9VcfwMz9iWA07RsfJvk5GVgsRIZJQh7gr\r\nbsAhVa4P8328ddXJaS/T8R5O5byo/vIDwUcu/KAO8yXquSF7qHzCy3Vl3oCXg9oU\r\nWzkz8//5HCXJ2Q0EG1xJvOgkBWRQimKiBUn+8TvS/+RWK3d1OLZnbjckT9u8QVlJ\r\nfQ14xA/ifnOdNg7w4BiqkeUZLFkzP4WKZqedWXLGpjNRX/RmahnWf3rbjv+8WUwZ\r\n240ZrWcaZ9Zkw1TLkP/U5p34lji5wYBoct17+4U6sQ2+3nFlTvk7Uv55assDiHjd\r\n10dHxSI7AAkfm9mXHnMiI4BGICQc32UePpI8AjPXSFvoLaqqEyGPPy5/Y4ib0RI7\r\nfIHzolfan4Mt/yZHrqw9hXkn59cyHul49TcVcIcwjDsHCvqrgOcu+sOksEDd4EIR\r\nN1Ee7zFpNLlB+yZpNCSAmYT30NG5P5JaRS8xxAWYm2LebcfIH5eYP684P9AUp3M8\r\nPBf7yvj3cBEpsu7kJuH+4i4JGTjedmFgUjT8WGidsymSGBukXOdazjGHZPsN9MLy\r\nStavoZPV59ywPsZzQcRfvHPlvYiR1DZNPSiJMn7UWj7M0MNlUJYePeKG/yRbUnyI\r\nUmCSmVuqnkBF/ge3BAIl5kWG5poVjQIDAQABAoICABhhXPeRCKvb4HUumCoyAOxN\r\nYxoPvdYyoNBySZVM7i/uZ8kszUHdYkUDK59kWXJ5aagH29rrbF6ByNqHVuCbxpCx\r\nrArYl/SGL4S0H4n1+l0ZxeZdJ5auL4XSbtrxN1s4K4XoUz9h1rW93++iUUDOoFSB\r\ni+ywTahPvb53cJBgsXJHCwa2PcxCGrOGj/2d+awkWSwLQBxthhFd9V2AxvqHTizK\r\nmcqZbSY+QjzwpHYYFJ+Uhz+Xj9IL2p1TfrDnsYJYKCrP4OvXRTM115SGBm3OXWaA\r\n3wnPY1VDTERGSmxslnYl/QKqPGQJl4x9kWqQ3pzQZihnWi52GVy3iej93DcYhyfI\r\nxQR4Zpqw/2x73oT4N64f5a+R0gCEIEUr+xK6KBKhLs9DB6tGhevFthMVhjgTz7rh\r\nyUprQYtlVlZyxExvoB8EdbJAfC1ft6gLsEl11SGBYkkNDAVaiAMga+ooaq8f716p\r\n0a9vS+98Z5IA8fRy0HLeMrcymJlt6ttNgWQpfpBzNbm4iJJ8m8KBFP37Aj85Re92\r\nWDnVWryL4BlOimWrjW/wW3R5/v/rBzbnKEQk+jZQa1lI3TCCQ3tmWUWfr35ZmGEO\r\nveI76BDzgP3wWEvhJQoEQl8nse0PM8TFtqROIUyX3LGpzrFLSYVG27uRvVbzdjcf\r\n38nNJJtfzhoEO57kX9JNAoIBAQDpxyhbpjsYfk2fKl5eyr700tZ68XZzcAnYdY7H\r\nscYkVbVPGXbTuSrzYj5i1I6ayGm9uKWK6pey7VGUR2Dm6p5kwS+S8skoo4Tn1zGw\r\n0o4LxsR+XCo9BHKz58kByF09bvTog1Jn2+mu5lNedEZL1shkpchSsPan4vfq1m3D\r\nC2C3oeiXy3B6K3/KqgDK4rbS7D5Y9BLxmrqN+wgJdvnglH1xTzuci7n1Ymh7BrPz\r\nNGiOhP4h8gVGPejmw/sgqo/i5tWlFqGEYabi4dKfSn06HGFFJ3puTiYSwv7cdLqZ\r\nj/ezjS2dH7FveILEqIrQYUx7cm5YAyD48xoO3c8gSrz+mdonAoIBAQDUAdeRQEKx\r\nbQuBK+kY5Uh22GZdP1yN5yep5dS5DCD4Zgh4qTuc9M9ErOSjhDa3mWhV87hMp21j\r\nowLcqu5uX3uLm1BrZ3JoDhyiPUWrGRdkkacmG2hBgEyDVCdBstUntafoUZDf9WN/\r\n79dKwxpHIamVnAhOYLMzFJmrCWUho+6APf5fwu464xzC/m2JtMAZLE7/HVTeSGjL\r\niUf48/lqnESM++hs+ATv8IcZFLa2H44ccESIj74wmyiIt6dStejOsKQZfTnCC88l\r\nCUe+s5dOsVtq+IIITDwRKP2dcmkrRVWxV+3aCsuS3zoY2uTtE+FPqRHmTLnpzVis\r\nA+37EH+F1acrAoIBAGp+HLZTLQxlTLq6tC5+MSqZeLaclBbV7MY8FwSEyPv4RxV3\r\nRhgAe75O/JhMt4Fu1ixklpSHdP8++DCRq2TFb8356tAH5PasNnjeIHaqE6btrsjY\r\n9yzAf/fQGFLFkSPRDaN1Xu6M0RCpP0UBtpwJhVPD6VMx5cporALAF1QINNCx4qBz\r\nPhOJCTeq5Z2GVT4T+/rNhGumzmCq/+g/2GgjfFlHfKI9TEKpx2pzjTm2oAJ8NsAD\r\n3b83qIamtBkXWWBFQwFnI8CIM1ua/zUs24rDLtQvvafN1a4qQarvSal2WaHjJ+ox\r\na8SZowgutr1h9VMut3FES5rcMvyesiHFqf5Y23UCggEBAIjWV4jM7T8PnulUqjMD\r\nam4q5ocxKk/87sDeMxrtFSq+0KDwuiVobY9p+HkCET8XqRwxHrd7KUOyJ1q+iP58\r\naoWFTbbFIja/RQQCgEEbBNpImJYkAnqkkL4DRwNEpgfnW+S7IMMs43fkGhWLMB7R\r\nP1/tQf80svU5SqX2fmvkH0BuwwyUCKfBhwLkrVbAb2zQCHzpNanzGpCknuu0rTt+\r\neVB2F2KeArHLkadCk1uhqlv4qoNqI9vDiboUr87W0tj1cjVxeiIg9SZ2gvQ3fmWw\r\nW80DcQpiCjMZPfitq+vd6J16n26ooRS/OARq5G+Q8VA1U/RNeYHKpH0CXEw8LdL4\r\nP9kCggEBAIokwDcH/o5MHTclOdsCrRMwzxh4/7aBEnDi97aNh/bf7ol1zxAA86dK\r\nAFL4eNkpxUdM4+CNapQBNJ81Y3grQHPT0rjPr+ztSziky2dQM2t4z0ovrW7DfOV5\r\nQnPySxKEOfGvRstxcfnZliGu6XFpUwkD0EOiGUT2fUtJIdf5TRWMpM5VOmCTRvaJ\r\nO3bEp4F4jEhOfuOIreoEnDq0WakNaCN3L05IudC4VuamAOikuRNTxOzJdUFnNLu5\r\nLJPpjYTuDy1+gsTzBFC4iotzZyelRsgzBsAFxJRVQkuDr8hzBCA88QwthZmCXgn6\r\nkrW8ROr2cTLS85xiZQFDYbHbx0CutSA=\r\n-----END
    PRIVATE KEY-----"
metadata:
  name: tls
  namespace: kube-system

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry-internal
  namespace: kube-system
  labels:
    app: registry
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: registry
    spec:
      nodeSelector:
        host_name: POC_0003
      containers:
        - name: registry
          image: "registry:2.6.2"
          imagePullPolicy: IfNotPresent
          command:
          - /bin/registry
          - serve
          - /etc/docker/registry/config.yml
          ports:
          # 如果有VIP，則把https證書配置在VIP側，VIP的443端口映射到registry的80端口
#            - containerPort: 80
#              hostPort: 80
#              name: port80
          # 如果是單例模式，沒有VIP，則使用如下的配置,同時config.yml的tls證書要配置
            - containerPort: 80
              hostPort: 443
              name: port443

          volumeMounts:
            - name: data
              mountPath: /var/lib/registry/
            - name: registry-config-internal
              mountPath: /etc/docker/registry
            - name: tls
              mountPath: /etc/registry
      volumes:
        - name: registry-config-internal
          configMap:
            name: registry-config-internal
        - name: data
          hostPath:
            path: /Docker
        - name: tls
          configMap:
            name: tls
[root@registy-k8s-deploy]#

2個實例方式：

[root@registy-k8s-deploy]# cat docker-registry-internal.yaml.double

apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-config-internal
  namespace: kube-system
data:
  config.yml: |+
    version: 0.1
    log:
      level: debug
      fields:
        service: registry
    storage:
        cache:
            layerinfo: inmemory
            blobdescriptor: inmemory
        filesystem:
            rootdirectory: /var/lib/registry
        maintenance:
            uploadpurging:
                enabled: false
        delete:
            enabled: true
    http:
        addr: :80
        secret: placeholder
        host: https://hub.cloud.pub
        debug:
            addr: :5001
        #如果有vip的話，tls加密放在vip的nginx端，如果沒有則打開下面的tls註釋並掛載包含domain.crt和domain.key的hub.cloud.pub目錄至容器內
        #tls:
        #    certificate: /etc/registry/domain.crt
        #    key: /etc/registry/domain.key

---

apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry-internal
  namespace: kube-system
  labels:
    app: registry
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: registry
    spec:
      nodeSelector:
        caas_cluster: registry
      containers:
        - name: registry
          image: "registry:2.6.2"
          imagePullPolicy: IfNotPresent
          command:
          - /bin/registry
          - serve
          - /etc/docker/registry/config.yml
          ports:
          # 如果有VIP，則把https證書配置在VIP側，VIP的443端口映射到registry的80端口
            - containerPort: 80
              hostPort: 80
              name: port80
          # 如果是單例模式，沒有VIP，則使用如下的配置,同時config.yml的tls證書要配置
          #  - containerPort: 80
          #    hostPort: 443
          #    name: port443

          volumeMounts:
            - name: data
              mountPath: /var/lib/registry/
            - name: registry-config-internal
              mountPath: /etc/docker/registry
      volumes:
        - name: registry-config-internal
          configMap:
            name: registry-config-internal
        - name: data
          hostPath:
            path: /Docker


[root@ registy-k8s-deploy]#