Eric Radman : a Journal

Running a Local Registry

If a local network is secure, we can easily configure a local registry without having to manage TLS certificates. The registry is exposed as a headless service:

$ kubectl get svc -o wide registry
NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)    AGE     SELECTOR
registry   ClusterIP   None         <none>        5000/TCP   5d20h   app=registry

Trusted Repository for Kubernetes

For Podman, add a new file under /etc/containers/registries.conf.d/ that marks the registry as insecure:

[[registry]]
location = "registry.default.svc.mykube.lan:5000"
insecure = true

For Docker, modify /etc/docker/daemon.json:

{
  "insecure-registries" : ["registry.default.svc.mykube.lan:5000"]
}

Registry Deployment

Using local storage (a hostPath volume):

---
apiVersion: v1
kind: Service
metadata:
  name: registry
spec:
  clusterIP: None
  ports:
  - port: 5000
    targetPort: 5000
  selector:
    app: registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  labels:
    run: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
      - name: registry
        image: registry:2
        ports:
          - name: registry-http
            containerPort: 5000
        volumeMounts:
        - name: registry-data
          mountPath: /var/lib/registry/docker/registry
      volumes:
      - name: registry-data
        hostPath:
          path: /share/registry

Docker Push

To build and push an image from a Makefile:

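IMAGE=sf-agent:latest
REGISTRY=registry.default.svc.mykube.lan:5000

# Neither target produces a file of that name
.PHONY: image publish

# Build the image from the Dockerfile in the current directory
image:
	docker build . -f Dockerfile -t $(IMAGE)

# Tag the local image with the registry host and push it
publish:
	docker tag $(IMAGE) $(REGISTRY)/$(IMAGE)
	docker push $(REGISTRY)/$(IMAGE)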