Easy creation of a container registry

Create a private registry for containers with Ansible

Ref: https://www.redhat.com/sysadmin/simple-container-registry

Run the playbook

ansible-playbook container_registry.yaml

Setup

Make sure the local CA (domain.crt) is accepted on all the machines that will commit the images AND on all the target systems (the machines where the images will be deployed).

Manually, for Debian:

HOST=k3s
REGISTRY=tiptop:5000
ssh root@$HOST mkdir -p /etc/containers/certs.d/$REGISTRY
scp certs/domain.crt root@$HOST:/etc/containers/certs.d/$REGISTRY/

Kubernetes

Add the credentials to the Kubernetes cluster:

kubectl create secret docker-registry regcred --docker-server=tiptop:5000 --docker-username=admin --docker-password=admin -n default

Use

To push to the registry:

podman push <image name> docker://<host name>:5000/<image name>

To use it in Kubernetes, see https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

Maintenance

Remove images / tags

In short:

  • log in to the registry container
  • delete the directories that hold the metadata of the images and tags
  • run the command registry garbage-collect to delete the unreferenced blobs

In practice:

## Log in to the machine with the dedicated user
ssh registry@tiptop
## Run a shell in a registry container
# podman run -it --rm myregistry sh # if the registry is not started
podman exec -it mycontainer sh
## List all images and their tags
ls -lsd /var/lib/registry/docker/registry/v2/repositories/*/_manifests/tags/*
## To remove an image with all its tags:
rm -rf /var/lib/registry/docker/registry/v2/repositories/image_to_be_deleted
## To remove only a tag, e.g. "latest":
rm -rf /var/lib/registry/docker/registry/v2/repositories/image_to_be_deleted/_manifests/tags/latest
## Clean up the unreferenced blobs
registry garbage-collect -m /etc/docker/registry/config.yml
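
A guarded version of the listing and tag removal steps above, as an added example that is not part of the original README: it refuses image or tag names that would make rm -rf leave the repositories directory. The function names and the constructed sample tree are assumptions; the default path is the one used in the commands above.

```shell
#!/bin/sh
# Added example, not from the original README. Function names are hypothetical.
# REPOS defaults to the repositories directory used in the commands above.
REPOS=${REPOS:-/var/lib/registry/docker/registry/v2/repositories}

# Accept only plain relative names: no empty value, no absolute path,
# no "." or ".." component, no characters outside [A-Za-z0-9._/-].
valid_name() {
    case "$1" in
        ''|/*|*/|.|..|../*|*/..|*/../*|*//*|*[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    return 0
}

# Print every "image:tag" pair found under $REPOS (one directory level,
# same glob as the ls command above).
list_tags() {
    for d in "$REPOS"/*/_manifests/tags/*; do
        [ -d "$d" ] || continue
        tag=${d##*/}
        image=${d#"$REPOS"/}
        image=${image%/_manifests/tags/*}
        echo "$image:$tag"
    done
}

# Remove one tag directory. Returns 2 on a rejected name, 1 if the tag is absent.
remove_tag() {
    image=$1
    tag=$2
    valid_name "$image" || { echo "rejected image name: $image" >&2; return 2; }
    valid_name "$tag" || { echo "rejected tag name: $tag" >&2; return 2; }
    case "$tag" in */*) echo "rejected tag name: $tag" >&2; return 2 ;; esac
    target="$REPOS/$image/_manifests/tags/$tag"
    [ -d "$target" ] || { echo "no such tag: $image:$tag" >&2; return 1; }
    rm -rf -- "$target"
}

# Constructed sample layout, for trying the functions outside the container.
make_sample_tree() {
    REPOS=$(mktemp -d)/repositories
    mkdir -p "$REPOS/web/_manifests/tags/latest" \
             "$REPOS/web/_manifests/tags/v1" \
             "$REPOS/db/_manifests/tags/latest"
}
```

After removing tags this way, run the garbage-collect command shown above; adding the registry's --dry-run flag first prints what would be deleted without deleting it.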