# Create a private registry for containers with Ansible

Ref:

## Run the playbook

```bash
ansible-playbook container_registry.yaml
```

## Setup

Make sure the local CA (domain.crt) is accepted on all the machines that will commit the images AND on all the target systems (the machines where the images will be deployed).

Manually, for Debian:

```bash
HOST=k3s
REGISTRY=tiptop:5000
ssh "root@$HOST" mkdir -p "/etc/containers/certs.d/$REGISTRY"
scp certs/domain.crt "root@$HOST:/etc/containers/certs.d/$REGISTRY/"
```

### Kubernetes

Add the credential to the Kubernetes cluster:

```bash
kubectl create secret docker-registry regcred --docker-server=tiptop:5000 --docker-username=admin --docker-password=admin -n default
```

## Use

To push to the registry:

```bash
podman push docker://:5000/
```

To use it in Kubernetes, see

## Maintenance

### Remove images / tags

In short:

* log in to the registry container
* delete the directories that hold the metadata of the images and tags
* run the command *registry garbage-collect* to delete the unreferenced blobs

In practice:

```bash
## Log in to the machine with the dedicated user
ssh registry@tiptop

## Run a shell in a registry container
# podman run -it --rm myregistry sh # if the registry is not started
podman exec -it myregistry sh

## List all images and their tags
ls -ldrt /var/lib/registry/docker/registry/v2/repositories/*/_manifests/tags/*

## To remove an image with all its tags:
rm -rf /var/lib/registry/docker/registry/v2/repositories/image_to_be_deleted

## To remove only a tag, e.g. "latest":
rm -rf /var/lib/registry/docker/registry/v2/repositories/image_to_be_deleted/_manifests/tags/latest

## Clean up the unreferenced blobs
registry garbage-collect -m /etc/docker/registry/config.yml
```
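
The removal steps above run `rm -rf` on hand-typed paths inside the registry storage. The following is an added example, not part of the original playbook or of the registry project: a small POSIX shell wrapper that lists tags and validates image and tag names before deleting. It goes beyond the commands above by also handling nested image names such as `team/api`; the function names and the `REPO_ROOT` and `DRY_RUN` variables are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guarded version of the manual "rm -rf" steps above.
# REPO_ROOT defaults to the storage path used on this page.
REPO_ROOT="${REPO_ROOT:-/var/lib/registry/docker/registry/v2/repositories}"

# Print every image:tag pair, including nested names such as team/api
# that the single-level glob "repositories/*/_manifests" would miss.
list_tags() {
    find "$REPO_ROOT" -type d -path '*/_manifests/tags/*' -prune -print |
    while IFS= read -r dir; do
        rel=${dir#"$REPO_ROOT"/}
        printf '%s:%s\n' "${rel%/_manifests/tags/*}" "${rel##*/}"
    done | sort
}

# Allow only plain path components: no empty or absolute names, no component
# starting with a dot (so no "." or ".."), no characters outside [A-Za-z0-9._/-].
valid_name() {
    case "$1" in
        ''|/*|*/|*//*|.*|*/.*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
}

# remove_ref IMAGE [TAG]: delete one tag, or the whole image if TAG is omitted.
# DRY_RUN=1 prints the target instead of deleting it.
remove_ref() {
    image=$1
    valid_name "$image" && [ -d "$REPO_ROOT/$image/_manifests" ] ||
        { echo "not a repository: $image" >&2; return 2; }
    target="$REPO_ROOT/$image"
    if [ $# -ge 2 ]; then   # an empty TAG is an error, never "the whole image"
        case "$2" in */*) echo "bad tag: $2" >&2; return 2 ;; esac
        valid_name "$2" || { echo "bad tag: $2" >&2; return 2; }
        target="$target/_manifests/tags/$2"
        [ -d "$target" ] || { echo "no such tag: $image:$2" >&2; return 1; }
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "would remove $target"; return 0; fi
    rm -rf -- "$target"
}
```

Source the file in the registry container shell, check the target with `DRY_RUN=1 remove_ref image_to_be_deleted latest`, then run it without `DRY_RUN`. The `registry garbage-collect` step shown above is still needed afterwards to free the blobs.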