Day 42/40 - Host Your Private Docker Registry On Kubernetes
About this video
### Comprehensive Final Summary

This document encapsulates the culmination of a series focused on preparing for the Certified Kubernetes Administrator (CKA) certification, specifically video 42, which transitions from theoretical knowledge to practical, hands-on experience. The project involves hosting a local Docker container registry within a Kubernetes environment, emphasizing best practices in security, scalability, and operational efficiency.

#### **Project Overview**

The objective is to deploy a self-hosted Docker container registry using Kubernetes, ensuring robust configurations such as TLS encryption, authentication mechanisms, secrets management, deployments, replica sets, and services. Public registries like DockerHub are unsuitable for production due to privacy concerns, making self-hosted solutions or alternatives like AWS ECR, Azure ACR, or Google GCR more appropriate. For this project, the open-source tool "distribution" is utilized.

#### **Pre-requisites**

Before starting, it is assumed that:

- A Kubernetes cluster is operational with all nodes healthy.
- Necessary directories (`registry`, `certs`, `auth`) have been created for organizing certificates, authentication files, and other resources.

#### **Key Implementation Steps**

1. **Certificate Generation**:
   - Self-signed TLS certificates are generated using OpenSSL and stored in the `certs` folder to secure the registry.
2. **Authentication Setup**:
   - Hashed username/password credentials are created using the `htpasswd` utility inside an `httpd` container and stored in the `auth` directory.
3. **Secrets Management**:
   - Kubernetes secrets are created for the TLS certificates and the authentication credentials, and are handled securely by mounting them into the pods rather than baking them into the image.
4. **Persistent Storage**:
   - A Persistent Volume (PV) and Persistent Volume Claim (PVC) are configured to ensure data persistence across pod restarts. The host path `/home/ubuntu/repos` is used to store registry data.
5. **Deployment Configuration**:
   - A deployment YAML file is created with two replicas for high availability, using the stable `registry:2.8.2` image. Volumes are mounted for certificates, authentication, and persistent storage.
6. **Service Exposure**:
   - A service YAML file exposes the registry on NodePort 5000, leveraging Kubernetes' load-balancing capabilities.
7. **Environment Variables and DNS Resolution**:
   - Environment variables (`REGISTRY_NAME`, `REGISTRY_IP`) are set for registry access, and local DNS entries are added to `/etc/hosts` on all nodes for proper name resolution.

#### **Testing and Validation**

The document provides a detailed guide to testing and validating the private Docker registry setup, addressing common issues and troubleshooting steps:

1. **Adding Certificates**:
   - The custom TLS certificate is added to all nodes by placing it in `/usr/local/share/ca-certificates/` and updating the certificate store using `update-ca-certificates`.
2. **Configuring Docker Trust**:
   - A directory is created under `/etc/docker/certs.d/` for the registry's hostname and port, and the certificate is copied there so that the Docker daemon trusts the registry.
3. **Testing Authentication and Functionality**:
   - A `docker login` is performed to verify authentication. Images are tagged and pushed to the private registry to demonstrate functionality.
4. **Pod Deployment with Image Pull Secrets**:
   - A Kubernetes pod is created to pull an image from the private registry. Initially, authentication issues arise; they are resolved by creating a Docker registry secret and referencing it as an image pull secret in the pod specification.
5. **Troubleshooting Common Errors**:
   - Issues such as incorrect image tags or certificate verification failures are addressed by ensuring consistency between pushed and pulled image tags.
6. **Final Validation**:
   - Once the correct image is pushed and the pod is configured with the proper secrets, the pod successfully starts. Accessing the pod's endpoint confirms the deployment's functionality.

#### **Conclusion**

The document concludes with cleanup instructions and emphasizes best practices, including verifying configurations and performing hands-on exercises to reinforce learning. It highlights the importance of understanding the practical application of Kubernetes concepts and hints at advanced topics to be explored further.

In summary, this comprehensive guide details the process of setting up a secure, private Docker registry within a Kubernetes environment. It addresses potential pitfalls, provides troubleshooting strategies, and reinforces the practical application of Kubernetes principles, serving as a valuable resource for both CKA aspirants and practitioners aiming to enhance their skills in container orchestration and registry management.
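As an added illustration of steps 3 to 5 (not a manifest from the video or the distribution project), the Deployment below runs two replicas of `registry:2.8.2` with TLS and htpasswd authentication enabled through the registry's own `REGISTRY_*` environment variables, and mounts the certificate and credential secrets read-only alongside the persistent data volume. The secret names `registry-tls` and `registry-auth`, the PVC name `registry-pvc`, and the in-container paths are assumptions; the `kubectl create secret` commands in the comments produce the `tls.crt`, `tls.key` and `htpasswd` keys the mounts rely on.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: private-registry          # assumed name
spec:
  replicas: 2                     # two replicas for availability, as in the video
  selector:
    matchLabels:
      app: private-registry
  template:
    metadata:
      labels:
        app: private-registry
    spec:
      containers:
      - name: registry
        image: registry:2.8.2
        ports:
        - containerPort: 5000
        env:
        # serve TLS using the self-signed cert generated with OpenSSL
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: /certs/tls.crt
        - name: REGISTRY_HTTP_TLS_KEY
          value: /certs/tls.key
        # require htpasswd credentials on every request
        - name: REGISTRY_AUTH
          value: htpasswd
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Registry Realm"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: /auth/htpasswd
        volumeMounts:
        - name: certs
          mountPath: /certs
          readOnly: true          # the registry only reads the key pair
        - name: auth
          mountPath: /auth
          readOnly: true          # the htpasswd file is never written by the registry
        - name: data
          mountPath: /var/lib/registry   # default storage root of the registry image
      volumes:
      - name: certs
        secret:
          secretName: registry-tls    # kubectl create secret tls registry-tls --cert=certs/tls.crt --key=certs/tls.key
      - name: auth
        secret:
          secretName: registry-auth   # kubectl create secret generic registry-auth --from-file=auth/htpasswd
      - name: data
        persistentVolumeClaim:
          claimName: registry-pvc     # PVC bound to the hostPath PV at /home/ubuntu/repos
```

A NodePort Service selecting `app: private-registry` on port 5000 then exposes the registry as described in step 6.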
Course: Certified Kubernetes Administrator Full Course For beginners | CKA 2025
This playlist contains the complete CKA series for beginners, based on the latest 2025 curriculum. It includes 40+ videos with hands-on demos, assignments, and exam-based scenarios. We cover everything from the basics to advanced topics, including fundamental concepts such as Docker, containers, Docker storage and networking, DNS, etc.