40 lines
1,013 B
Markdown
40 lines
1,013 B
Markdown
# Create a private registry for containers with Ansible
|
|
|
|
Ref: <https://www.redhat.com/sysadmin/simple-container-registry>
|
|
|
|
## Run the playbook
|
|
|
|
```bash
|
|
ansible-playbook container_registry.yaml
|
|
```
|
|
|
|
## Setup
|
|
|
|
Make sure the local CA (domain.crt) is accepted on all the machines that will commit the images AND on all the target systems (the machines where the images will be deployed).
|
|
|
|
Manually, for Debian:
|
|
|
|
```bash
|
|
HOST=k3s
|
|
REGISTRY=tiptop:5000
|
|
ssh root@$HOST mkdir -p /etc/containers/certs.d/$REGISTRY
|
|
scp certs/domain.crt root@$HOST:/etc/containers/certs.d/$REGISTRY/
|
|
```
|
|
|
|
### Kubernetes
|
|
|
|
Add the credential to the kubernetes cluster:
|
|
|
|
```bash
|
|
kubectl create secret docker-registry regcred --docker-server=tiptop:5000 --docker-username=admin --docker-password=admin -n default
|
|
```
|
|
|
|
## Use
|
|
|
|
To push to the registry:
|
|
|
|
```bash
|
|
podman push <image name> docker://<host name>:5000/<image name>
|
|
```
|
|
|
|
To use it in Kubernetes, see <https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/>
|