單例方式
[root@ registy-k8s-deploy]# cat docker-registry-internal.yaml
# Registry configuration for the single-instance layout: the registry
# terminates TLS itself (http.tls is set) and reads this file from
# /etc/docker/registry/config.yml, the path given on the container command line.
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-config-internal
  namespace: kube-system
data:
  # Review notes on the embedded registry config (the text inside the block
  # scalar is kept as written, including its original inline comment):
  #  - http.secret is the literal "placeholder". Replace it with a long random
  #    value before deploying, and prefer injecting it from a Secret, because
  #    ConfigMap data is readable by anyone with read access to the namespace.
  #  - There is no `auth` section, and storage.delete.enabled is true. Unless
  #    something in front of the registry enforces authentication, any client
  #    that can reach it can push, pull and delete images.
  #    NOTE(review): confirm where access control is enforced.
  #  - log.level is debug and http.debug.addr is ":5001", i.e. the debug
  #    listener binds on all pod interfaces. Consider "localhost:5001" and
  #    a quieter log level outside troubleshooting.
  #  - The inline comment says: with a VIP, terminate TLS on the VIP's nginx;
  #    without one, enable http.tls and mount the directory holding
  #    domain.crt and domain.key into the container.
  config.yml: |+
    version: 0.1
    log:
      level: debug
      fields:
        service: registry
    storage:
      cache:
        layerinfo: inmemory
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
      maintenance:
        uploadpurging:
          enabled: false
      delete:
        enabled: true
    http:
      addr: :80
      secret: placeholder
      host: https://hub.cloud.pub
      debug:
        addr: :5001
      #如果有vip的話,tls加密放在vip的nginx端,如果沒有則打開下面的tls註釋並掛載包含domain.crt和domain.key的hub.cloud.pub目錄至容器內
      tls:
        certificate: /etc/registry/domain.crt
        key: /etc/registry/domain.key
---
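# TLS certificate and private key for the registry, exposed to the pod as
# /etc/registry/domain.crt and /etc/registry/domain.key.
#
# This object used to be a ConfigMap with the PEM private key written inline.
# ConfigMaps are not intended for confidential data, and a key stored in a
# manifest is copied into version control, review tools and `kubectl get -o yaml`
# output. The key material is therefore held in a Secret and the manifest
# carries placeholders only. Any key pair that has already been committed or
# published in a manifest must be treated as compromised: issue a new
# certificate and key rather than reusing it.
#
# Preferred: do not apply this document at all and create the Secret
# out-of-band from files that never enter the repository, e.g.
#   kubectl -n kube-system create secret generic tls \
#     --from-file=domain.crt --from-file=domain.key
# Secrets are only base64-encoded by default; restrict access with RBAC and
# enable encryption at rest where the cluster supports it.
apiVersion: v1
kind: Secret
metadata:
  name: tls
  namespace: kube-system
type: Opaque
stringData:
  # Key names are kept as domain.crt / domain.key so that the mounted file
  # names match the paths referenced by http.tls in config.yml.
  domain.crt: |
    <PLACEHOLDER: PEM certificate for the registry host>
  domain.key: |
    <PLACEHOLDER: PEM private key - supply at deploy time, never commit>
---
# Single-instance registry: one pod pinned to one node, serving HTTPS itself.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# on newer clusters this needs apiVersion apps/v1 plus spec.selector.matchLabels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry-internal
  namespace: kube-system
  labels:
    app: registry
spec:
  replicas: 1
  template:
    metadata:
      labels:
        app: registry
    spec:
      # Pins the pod to the node labelled host_name=POC_0003; image data lives
      # on that node's filesystem through the hostPath volume below.
      nodeSelector:
        host_name: POC_0003
      containers:
        - name: registry
          # NOTE(review): registry:2.6.2 is an old release referenced by tag
          # only; check for a maintained version and consider pinning by digest.
          image: "registry:2.6.2"
          imagePullPolicy: IfNotPresent
          command:
            - /bin/registry
            - serve
            - /etc/docker/registry/config.yml
          ports:
            # With a VIP in front, terminate HTTPS on the VIP and forward its
            # port 443 to the registry's port 80:
            # - containerPort: 80
            #   hostPort: 80
            #   name: port80
            # Single-instance mode without a VIP: use the entry below, and the
            # tls section of config.yml must be configured. The registry then
            # speaks TLS on container port 80, published as 443 on the node.
            - containerPort: 80
              hostPort: 443
              name: port443
          volumeMounts:
            - name: data
              mountPath: /var/lib/registry/
            - name: registry-config-internal
              mountPath: /etc/docker/registry
            # Certificate and key; the container only needs to read them.
            - name: tls
              mountPath: /etc/registry
              readOnly: true
      volumes:
        - name: registry-config-internal
          configMap:
            name: registry-config-internal
        - name: data
          hostPath:
            path: /Docker
        # Backed by the Secret named "tls" instead of a ConfigMap, so the
        # private key is not stored as plain configuration data.
        - name: tls
          secret:
            secretName: tls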
[root@registy-k8s-deploy]#
2個實例方式:
[root@registy-k8s-deploy]# cat docker-registry-internal.yaml.double
# Registry configuration for the layout with a VIP in front: the registry
# serves plain HTTP on :80 and the http.tls section stays commented out.
apiVersion: v1
kind: ConfigMap
metadata:
  name: registry-config-internal
  namespace: kube-system
data:
  # Review notes on the embedded registry config (the text inside the block
  # scalar is kept as written, including its original inline comments):
  #  - http.secret is the literal "placeholder". Replace it with a long random
  #    value; when several registry instances sit behind one load balancer they
  #    must all use the same secret. Prefer injecting it from a Secret rather
  #    than keeping it in ConfigMap data.
  #  - There is no `auth` section, and storage.delete.enabled is true. Unless
  #    the VIP/nginx tier enforces authentication, any client that can reach
  #    the registry can push, pull and delete images.
  #    NOTE(review): confirm where access control is enforced.
  #  - With TLS terminated at the VIP, traffic between the VIP and the
  #    registry node is cleartext HTTP; confirm that network path is trusted.
  #  - log.level is debug and http.debug.addr is ":5001", i.e. the debug
  #    listener binds on all pod interfaces. Consider "localhost:5001" and
  #    a quieter log level outside troubleshooting.
  #  - The inline comment says: with a VIP, terminate TLS on the VIP's nginx;
  #    without one, uncomment http.tls and mount the directory holding
  #    domain.crt and domain.key into the container.
  config.yml: |+
    version: 0.1
    log:
      level: debug
      fields:
        service: registry
    storage:
      cache:
        layerinfo: inmemory
        blobdescriptor: inmemory
      filesystem:
        rootdirectory: /var/lib/registry
      maintenance:
        uploadpurging:
          enabled: false
      delete:
        enabled: true
    http:
      addr: :80
      secret: placeholder
      host: https://hub.cloud.pub
      debug:
        addr: :5001
      #如果有vip的話,tls加密放在vip的nginx端,如果沒有則打開下面的tls註釋並掛載包含domain.crt和domain.key的hub.cloud.pub目錄至容器內
      #tls:
      #  certificate: /etc/registry/domain.crt
      #  key: /etc/registry/domain.key
---
# Registry Deployment for the layout with a VIP in front: the pod publishes
# plain HTTP on node port 80 and mounts no certificate volume.
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes 1.16;
# on newer clusters this needs apiVersion apps/v1 plus spec.selector.matchLabels.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: registry-internal
  namespace: kube-system
  labels:
    app: registry
spec:
  # NOTE(review): the surrounding text calls this the two-instance setup, yet
  # replicas is 1 here; confirm how the second instance is created. With a
  # hostPath data volume each node keeps its own image store unless /Docker is
  # shared storage.
  replicas: 1
  template:
    metadata:
      labels:
        app: registry
    spec:
      # Schedules only onto nodes labelled caas_cluster=registry.
      nodeSelector:
        caas_cluster: registry
      containers:
        - name: registry
          # NOTE(review): registry:2.6.2 is an old release referenced by tag
          # only; check for a maintained version and consider pinning by digest.
          image: 'registry:2.6.2'
          imagePullPolicy: IfNotPresent
          command:
            - /bin/registry
            - serve
            - /etc/docker/registry/config.yml
          ports:
            # With a VIP in front, the HTTPS certificate is configured on the
            # VIP and the VIP's port 443 is forwarded to the registry's port 80.
            # The hop from the VIP to this hostPort is therefore cleartext HTTP.
            - containerPort: 80
              hostPort: 80
              name: port80
            # Single-instance mode without a VIP: use the entry below instead,
            # and the tls section of config.yml must be configured.
            # - containerPort: 80
            #   hostPort: 443
            #   name: port443
          volumeMounts:
            - name: data
              mountPath: /var/lib/registry/
            - name: registry-config-internal
              mountPath: /etc/docker/registry
      volumes:
        - name: registry-config-internal
          configMap:
            name: registry-config-internal
        - name: data
          hostPath:
            path: /Docker
[root@ registy-k8s-deploy]#