Merge pull request #1720 from aledbf/registry

Add docker-registry example [ci skip]
Manuel Alejandro de Brito Fontes 2017-11-17 20:34:48 -03:00 committed by GitHub
commit de37e8ea89
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 147 additions and 0 deletions


@ -0,0 +1,50 @@
# Docker registry
This example demonstrates how to deploy a [docker registry](https://github.com/docker/distribution) in the cluster and configure Ingress enable access from Internet
## Deployment
First we deploy the docker registry in the cluster:
```console
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/deployment.yaml
```
**Important:** DO NOT RUN THIS IN PRODUCTION.
This deployment uses `emptyDir` in the `volumeMount` which means the contents of the registry will be deleted when the pod dies.
The next required step is creation of the ingress rules. To do this we have two options: with and without TLS
### Without TLS
Download and edit the yaml deployment replacing `registry.<your domain>` with a valid DNS name pointing to the ingress controller:
```console
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-without-tls.yaml
```
**Important:** running a docker registry without TLS requires we configure our local docker daemon with the insecure registry flag.
Please check [deploy a plain http registry](https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry)
### With TLS
Download and edit the yaml deployment replacing `registry.<your domain>` with a valid DNS name pointing to the ingress controller:
```console
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml
```
Deploy [kube lego](https://github.com/jetstack/kube-lego) use [Let's Encrypt](https://letsencrypt.org/) certificates or edit the ingress rule to use a secret with an existing SSL certificate.
### Testing
To test the regstry is working correctly we download a known image from [docker hub](https://hub.docker.com), create a tag pointing to the new registry and upload the image:
```console
docker pull ubuntu:16.04
docker tag ubuntu:16.04 `registry.<your domain>/ubuntu:16.04`
docker push `registry.<your domain>/ubuntu:16.04`
```
Please replace `registry.<your domain>` with your domain.
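Review bot: In the Testing block, the image reference in `docker tag` and `docker push` is wrapped in backticks inside a console fence, so anyone who pastes it gets shell command substitution instead of an image name; drop the backticks and leave `registry.<your domain>/ubuntu:16.04` bare. Both the "Without TLS" and "With TLS" sections stop at `wget` and never tell the reader to run `kubectl apply -f` on the edited file. The "DO NOT RUN THIS IN PRODUCTION" warning names only `emptyDir`; since the stated goal is access from the Internet, it should also say the registry is deployed without authentication. Typos to fix while here: "regstry", "configure Ingress enable access" (missing "to"), "Deploy kube lego use Let's Encrypt" (missing "to").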


@ -0,0 +1,56 @@
apiVersion: v1
kind: Namespace
metadata:
name: docker-registry
---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: docker-registry
namespace: docker-registry
spec:
replicas: 1
selector:
matchLabels:
app: docker-registry
template:
metadata:
labels:
app: docker-registry
spec:
containers:
- name: docker-registry
image: registry:2.6.2
env:
- name: REGISTRY_HTTP_ADDR
value: ":5000"
- name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
value: "/var/lib/registry"
ports:
- name: http
containerPort: 5000
volumeMounts:
- name: image-store
mountPath: "/var/lib/registry"
volumes:
- name: image-store
emptyDir: {}
---
kind: Service
apiVersion: v1
metadata:
name: docker-registry
namespace: docker-registry
labels:
app: docker-registry
spec:
selector:
app: docker-registry
ports:
- name: http
port: 5000
targetPort: 5000
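Review bot: The `env` list on the `docker-registry` container sets only `REGISTRY_HTTP_ADDR` and `REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY`, so the registry runs with no authentication, and once either Ingress in this PR is applied anyone who can reach the host can push and pull images. For an example that is explicitly Internet-facing, consider adding htpasswd auth (`REGISTRY_AUTH`, `REGISTRY_AUTH_HTPASSWD_REALM`, `REGISTRY_AUTH_HTPASSWD_PATH` backed by a Secret), or at least a comment at the top of the file stating that the registry is open. The container also has no readiness or liveness probe and no resource requests or limits, which is worth a comment even in a demo manifest.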


@ -0,0 +1,23 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
kubernetes.io/tls-acme: 'true'
name: docker-registry
namespace: docker-registry
spec:
tls:
- hosts:
- registry.<your domain>
secretName: registry-tls
rules:
- host: registry.<your domain>
http:
paths:
- backend:
serviceName: docker-registry
servicePort: 5000
path: /
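Review bot: `kubernetes.io/tls-acme: 'true'` is hard-coded in the annotations, but the README offers a second option of pointing `secretName: registry-tls` at an existing certificate; a reader taking that path needs to be told to remove this annotation, so add a comment next to it or a sentence in the README. Separately, `ingress.kubernetes.io/proxy-body-size: "0"` removes the upload size limit on a host that is reachable from the Internet and, per the deployment, unauthenticated; the setting makes sense for pushing large layers, but a short comment explaining why it is there and that it should be paired with authentication would help. Minor style point: `'true'` uses single quotes while the other annotation values use double quotes.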


@ -0,0 +1,18 @@
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
ingress.kubernetes.io/proxy-body-size: "0"
ingress.kubernetes.io/proxy-read-timeout: "600"
ingress.kubernetes.io/proxy-send-timeout: "600"
name: docker-registry
namespace: docker-registry
spec:
rules:
- host: registry.<your domain>
http:
paths:
- backend:
serviceName: docker-registry
servicePort: 5000
path: /
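Review bot: The rule for `host: registry.<your domain>` has no `tls` section, so every push and pull through this Ingress crosses the network in cleartext and can be read or altered in transit, and the README describes this host as reachable from the Internet. Add a comment at the top of the file marking it as suitable only for testing on a trusted network, and consider recommending that access be restricted by source address when this variant is used. The file is otherwise a copy of the TLS variant minus the `tls` block and the `kubernetes.io/tls-acme` annotation, so the same remark about `proxy-body-size: "0"` on an unauthenticated endpoint applies here.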