Created
January 31, 2019 14:03
-
-
Save PoslavskySV/b71ded84999d81d2ee540ed1b921eea2 to your computer and use it in GitHub Desktop.
In-cluster Docker registry AKS bug
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: docker-registry | |
| namespace: docker-registry | |
| labels: | |
| app: docker-registry | |
| spec: | |
| replicas: 1 | |
| selector: | |
| matchLabels: | |
| app: docker-registry | |
| template: | |
| metadata: | |
| labels: | |
| app: docker-registry | |
| spec: | |
| volumes: | |
| - name: registry-data | |
| persistentVolumeClaim: | |
| claimName: registry-data | |
| - name: registry-secret-data | |
| secret: | |
| secretName: docker-registry-basic-auth-secret | |
| containers: | |
| - name: registry | |
| image: registry:2 | |
| imagePullPolicy: Always | |
| env: | |
| - name: REGISTRY_AUTH | |
| value: htpasswd | |
| - name: REGISTRY_HTTP_ADDR | |
| value: 0.0.0.0:5000 | |
| # Secret was generated with: | |
| # docker run --rm --entrypoint htpasswd registry:2 -Bbn foo bar > auth | |
| # kubectl create secret generic docker-registry-basic-auth-secret --from-file=auth --namespace=docker-registry | |
| - name: REGISTRY_AUTH_HTPASSWD_PATH | |
| value: "/docker-registry-auth/auth" | |
| - name: REGISTRY_AUTH_HTPASSWD_REALM | |
| value: basic-realm | |
| ports: | |
| - name: http | |
| containerPort: 5000 | |
| volumeMounts: | |
| - name: registry-data | |
| mountPath: /var/lib/registry | |
| - name: registry-secret-data | |
| mountPath: "/docker-registry-auth/" | |
| readOnly: true | |
| --- | |
| kind: Service | |
| apiVersion: v1 | |
| metadata: | |
| name: docker-registry | |
| namespace: docker-registry | |
| spec: | |
| selector: | |
| app: docker-registry | |
| ports: | |
| - protocol: TCP | |
| port: 80 | |
| targetPort: 5000 | |
| --- | |
| apiVersion: extensions/v1beta1 | |
| kind: Ingress | |
| metadata: | |
| name: docker-registry | |
| namespace: docker-registry | |
| annotations: | |
| nginx.ingress.kubernetes.io/proxy-body-size: "0" | |
| spec: | |
| tls: | |
| - hosts: | |
| - my-registry.my-site.com | |
| secretName: docker-registry-tls | |
| rules: | |
| - host: my-registry.my-site.com | |
| http: | |
| paths: | |
| - backend: | |
| serviceName: docker-registry | |
| servicePort: 80 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment