Merge pull request #1720 from aledbf/registry

Add docker-registry example [ci skip]
2017-11-17 20:34:48 -03:00 · 2017-11-17 20:34:48 -03:00 · de37e8ea89
commit de37e8ea89
parent 26e630577e 79f6afba06
4 changed files with 147 additions and 0 deletions
--- a/docs/examples/docker-registry/README.md
+++ b/docs/examples/docker-registry/README.md
@ -0,0 +1,50 @@
+# Docker registry
+
+This example demonstrates how to deploy a [docker registry](https://github.com/docker/distribution) in the cluster and configure Ingress enable access from Internet
+
+## Deployment
+
+First we deploy the docker registry in the cluster:
+
+```console
+kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/deployment.yaml
+```
+
+**Important:** DO NOT RUN THIS IN PRODUCTION.
+This deployment uses `emptyDir` in the `volumeMount` which means the contents of the registry will be deleted when the pod dies.
+
+
+The next required step is creation of the ingress rules. To do this we have two options: with and without TLS
+
+### Without TLS
+
+Download and edit the yaml deployment replacing `registry.<your domain>` with a valid DNS name pointing to the ingress controller:
+
+```console
+wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-without-tls.yaml
+```
+
+**Important:** running a docker registry without TLS requires we configure our local docker daemon with the insecure registry flag.
+Please check [deploy a plain http registry](https://docs.docker.com/registry/insecure/#deploy-a-plain-http-registry)
+
+### With TLS
+
+Download and edit the yaml deployment replacing `registry.<your domain>` with a valid DNS name pointing to the ingress controller:
+
+```console
+wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/docs/examples/docker-registry/ingress-with-tls.yaml
+```
+
+Deploy [kube lego](https://github.com/jetstack/kube-lego) use [Let's Encrypt](https://letsencrypt.org/) certificates or edit the ingress rule to use a secret with an existing SSL certificate.
+
+### Testing
+
+To test the regstry is working correctly we download a known image from [docker hub](https://hub.docker.com), create a tag pointing to the new registry and upload the image:
+
+```console
+docker pull ubuntu:16.04
+docker tag ubuntu:16.04 `registry.<your domain>/ubuntu:16.04`
+docker push `registry.<your domain>/ubuntu:16.04`
+```
+
+Please replace `registry.<your domain>` with your domain.
--- a/docs/examples/docker-registry/deployment.yaml
+++ b/docs/examples/docker-registry/deployment.yaml
@ -0,0 +1,56 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: docker-registry
+
+---
+
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  name: docker-registry
+  namespace: docker-registry
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: docker-registry
+  template:
+    metadata:
+      labels:
+        app: docker-registry
+    spec:
+      containers:
+        - name: docker-registry
+          image: registry:2.6.2
+          env:
+            - name: REGISTRY_HTTP_ADDR
+              value: ":5000"
+            - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
+              value: "/var/lib/registry"
+          ports:
+          - name: http
+            containerPort: 5000
+          volumeMounts:
+          - name: image-store
+            mountPath: "/var/lib/registry"
+      volumes:
+        - name: image-store
+          emptyDir: {}
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: docker-registry
+  namespace: docker-registry
+  labels:
+    app: docker-registry
+spec:
+  selector:
+    app: docker-registry
+  ports:
+  - name: http
+    port: 5000
+    targetPort: 5000
--- a/docs/examples/docker-registry/ingress-with-tls.yaml
+++ b/docs/examples/docker-registry/ingress-with-tls.yaml
@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/proxy-body-size: "0"
+    ingress.kubernetes.io/proxy-read-timeout: "600"
+    ingress.kubernetes.io/proxy-send-timeout: "600"
+    kubernetes.io/tls-acme: 'true'
+  name: docker-registry
+  namespace: docker-registry
+spec:
+  tls:
+  - hosts:
+    - registry.<your domain>
+    secretName: registry-tls
+  rules:
+  - host: registry.<your domain>
+    http:
+      paths:
+      - backend:
+          serviceName: docker-registry
+          servicePort: 5000
+        path: /
--- a/docs/examples/docker-registry/ingress-without-tls.yaml
+++ b/docs/examples/docker-registry/ingress-without-tls.yaml
@ -0,0 +1,18 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    ingress.kubernetes.io/proxy-body-size: "0"
+    ingress.kubernetes.io/proxy-read-timeout: "600"
+    ingress.kubernetes.io/proxy-send-timeout: "600"
+  name: docker-registry
+  namespace: docker-registry
+spec:
+  rules:
+  - host: registry.<your domain>
+    http:
+      paths:
+      - backend:
+          serviceName: docker-registry
+          servicePort: 5000
+        path: /