# Rancher 建立 Docker Private Registry * 宣告環境變數使用 kubectl logs 查看才會有密碼 * 須注意 nodeName 節點名稱 ``` $ vim dkreg.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: dkreg name: dkreg spec: replicas: 1 selector: matchLabels: app: dkreg template: metadata: labels: app: dkreg spec: containers: - image: registry:2 name: dkreg ports: - containerPort: 5000 volumeMounts: - mountPath: "/var/lib/registry" name: hp-dkreg env: - name: REGISTRY_AUTH value: "htpasswd" - name: REGISTRY_AUTH_HTPASSWD_PATH value: "/opt/htpasswd" - name: REGISTRY_AUTH_HTPASSWD_REALM value: "Registry Realm" volumes: - name: hp-dkreg hostPath: path: /opt/dkreg nodeName: w1 $ kubectl apply -f dkreg.yaml ``` * 建立 service，type 是 ClusterIP ``` $ vim dkreg-svc.yaml apiVersion: v1 kind: Service metadata: labels: app: dkreg name: dkreg spec: clusterIP: 10.43.0.11 ports: - name: dkregistry port: 5000 protocol: TCP targetPort: 5000 selector: app: dkreg type: ClusterIP $ kubectl apply -f dkreg-svc.yaml ``` * 查看 Registry 帳號與密碼 ``` $ kubectl get po NAME READY STATUS RESTARTS AGE dkreg-6c4754f549-s4f97 1/1 Running 0 6m22s $ kubectl logs dkreg-6c4754f549-s4f97 | grep 'user=docker' time="2023-11-22T08:36:55.150161633Z" level=warning msg="htpasswd is missing, provisioning with default user" go.version=go1.20.8 password=YlNqvZ5nsrZ51egLcFgdVdweRAwOKfQ1udsmvFmsFao user=docker ``` * 使用 podman login ``` $ sudo podman login --tls-verify=false 10.43.0.11:5000 username and password Username (docker): docker Password: Login Succeeded! ``` * 丟一張 nginx image 進去 ``` $ sudo podman push --tls-verify=false 10.43.0.11:5000/nginx ``` * 使用 api 方式查看有哪些 image ``` # curl -XGET http://[USERNAME]:[PASSWORD]@10.43.0.11:5000/v2/_catalog $ curl -XGET http://docker:YlNqvZ5nsrZ51egLcFgdVdweRAwOKfQ1udsmvFmsFao@10.43.0.11:5000/v2/_catalog {"repositories":["alpine","nginx"]} ``` * 再掛 hostpath 的機器上檢查目錄 ``` $ ls -l /opt/dkreg/docker/registry/v2/repositories/ total 0 drwxr-xr-x 1 root root 50 Feb 16 09:31 nginx drwxr-xr-x 1 root root 50 Feb 16 09:31 nginx ``` * 如果要刪除 image，直接從目錄上刪除即可 ``` $ rm -r /opt/dkreg/docker/registry/v2/repositories/nginx/ ``` * 檢查 ``` $ curl -XGET http://docker:YlNqvZ5nsrZ51egLcFgdVdweRAwOKfQ1udsmvFmsFao@10.43.0.11:5000/v2/_catalog {"repositories":["alpine"]} $ curl -XGET http://docker:YlNqvZ5nsrZ51egLcFgdVdweRAwOKfQ1udsmvFmsFao@10.43.0.11:5000/v2/alpine/tags/list {"name":"alpine","tags":["latest"]} ``` ## Rancher 設定 Registry * Containerd 存取 Private Registry 的 Image 時，預設走 https ，因此須設定 mirrors 讓他走 http。  * 建立 imgps Pod  ``` apiVersion: v1 kind: Pod metadata: name: imgps spec: containers: - image: 10.43.0.11:5000/nginx name: imgps ``` * 檢查 Pod 狀態