
Kubernetes docker registry behind nginx-ingress

Submitted by: @import:stackexchange-devops

Problem

I am trying to set up docker-registry in a Kubernetes cluster behind the nginx-ingress controller.
The issue is that when I try to push an image into the private registry, it tells me:

```
Get https://registry.local/v2/: x509: certificate is valid for ingress.local, not registry.local
```

When I curl it, I get a response from the ingress' backend: 404.

Here's the ingress manifest:

```
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: docker-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts: [ 'registry.local' ]
  - secretName: registry
  rules:
  - host: registry.local
    http:
      paths:
      - backend:
          serviceName: docker-registry
          servicePort: 5000
        path: /
```


And here's the docker-registry manifest:

```
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  labels:
    app: docker-registry
  name: docker-registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: docker-registry
  template:
    metadata:
      labels:
        app: docker-registry
    spec:
      containers:
      - command:
        - /bin/registry
        - serve
        - /etc/docker/registry/config.yml
        env:
        - name: REGISTRY_HTTP_ADDR
          value: 0.0.0.0:5000
        - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY
          value: /var/lib/registry
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: /certs/ca.crt
        - name: REGISTRY_HTTP_TLS_KEY
          value: /certs/domain.key
        image: registry:2.6.2
        imagePullPolicy: IfNotPresent
        name: docker-registry
        ports:
        - containerPort: 5000
          name: http
          protocol: TCP
        volumeMounts:
        - mountPath: /var/lib/registry
          name: image-store
        - mountPath: /certs
          name: certs
      volumes:
      - name: image-store
        emptyDir: {}
      - name: certs
        configMap:
          name: certs
---
kind: Service
apiVersion: v1
metadata:
  labels:
    app:
```

Solution

First of all, a 404 error is a resource error in Kubernetes. It means your container in the pod was not created by your first script. Even if it was created and you can see it, then your labeling is wrong in the second script.

I would suggest you check the matchLabels of both YAML scripts. In your case I can see that the matchLabels value is docker-registry in the spec section of the first script, but I don't see any docker-registry in the second script. I believe that the metadata part of your ingress script should have "name = docker-registry" instead of "name=docker-ingress".

Context

StackExchange DevOps Q#4640, answer score: 2
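
The x509 error in the question is a hostname mismatch on the certificate served for registry.local, and in the posted Ingress `hosts` and `secretName` sit in two separate items of the `tls` list. As an added example (not code from the original post, Kubernetes or nginx-ingress), this Python lint reports which rule hosts an Ingress binds to a TLS secret. It assumes a `tls` item binds a secret to a host only when it carries both keys; the function names are hypothetical and the dicts are the parsed form of the posted `tls`/`rules` sections plus a constructed single-item variant.

```python
# Added example (not from the post): which rule hosts does an Ingress bind to a TLS secret?
# Assumption: a tls item binds a secret to a host only if it has both hosts and secretName.

def host_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return pattern == host


def tls_findings(ingress):
    """Return (problems, secret_by_host) for one parsed Ingress object."""
    spec = ingress.get("spec", {})
    problems, usable = [], []
    for i, entry in enumerate(spec.get("tls") or []):
        hosts, secret = entry.get("hosts") or [], entry.get("secretName")
        if hosts and not secret:
            problems.append(f"tls[{i}]: hosts {hosts} have no secretName")
        elif secret and not hosts:
            problems.append(f"tls[{i}]: secretName {secret!r} lists no hosts")
        elif hosts and secret:
            usable.append((hosts, secret))
    secret_by_host = {}
    for rule in spec.get("rules") or []:
        host = rule.get("host")
        if not host:
            continue
        match = next((s for hs, s in usable
                      if any(host_matches(h, host) for h in hs)), None)
        secret_by_host[host] = match
        if match is None:
            problems.append(f"rule host {host!r} is not bound to any TLS secret")
    return problems, secret_by_host


# tls/rules sections as posted in the question: two separate list items under tls
AS_POSTED = {"spec": {"tls": [{"hosts": ["registry.local"]}, {"secretName": "registry"}],
                      "rules": [{"host": "registry.local"}]}}
# Same values with hosts and secretName in ONE list item (constructed for comparison)
SINGLE_ENTRY = {"spec": {"tls": [{"hosts": ["registry.local"], "secretName": "registry"}],
                         "rules": [{"host": "registry.local"}]}}

if __name__ == "__main__":
    for name, manifest in (("as posted", AS_POSTED), ("single entry", SINGLE_ENTRY)):
        problems, bound = tls_findings(manifest)
        print(name, bound, *problems, sep="\n  ")
```
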
