$ DOCKER_REGISTRY_CERTIFICATE_PATH=~/registry/registry.crtSet a variable with the host ip address and port of the Docker registry:
$ DOCKER_REGISTRY=192.168.2.22:5000Install Docker registry certificate into Minikube:
$ cat $DOCKER_REGISTRY_CERTIFICATE_PATH | minikube ssh "sudo mkdir -p /etc/docker/certs.d/$DOCKER_REGISTRY && sudo tee /etc/docker/certs.d/$DOCKER_REGISTRY/ca.crt"
-----BEGIN CERTIFICATE----- MIIFIDCCAwigAwIBAgIUfIh/TnW6fLW3E6kpNdZhQ4GECsIwDQYJKoZIhvcNAQEL ... URdSW+SPvJEUafqsGuMrlj70Y3U= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFIDCCAwigAwIBAgIUfIh/TnW6fLW3E6kpNdZhQ4GECsIwDQYJKoZIhvcNAQEL ... URdSW+SPvJEUafqsGuMrlj70Y3U= -----END CERTIFICATE----- ^CType ^C to exit.
$ kubectl create secret docker-registry registry-credentials \ --docker-server=192.168.2.22:5000 \ --docker-username=admin \ --docker-password=admin
secret/registry-credentials createdVerify secret creation:
$ kubectl get secret registry-credentials
NAME TYPE DATA AGE registry-credentials kubernetes.io/dockerconfigjson 1 5m33s
$ kubectl get secret registry-credentials --output="jsonpath={.data.\.dockerconfigjson}" | base64 --decode
{ "auths": { "192.168.2.22:5000": { "username": "admin", "password": "admin", "auth": "YWRtaW46YWRtaW4=" } } }
$ echo "YWRtaW46YWRtaW4=" | base64 --decode
admin:admin
$ docker login 192.168.2.22:5000
$ docker pull k8s.gcr.io/echoserver:1.4
$ docker tag k8s.gcr.io/echoserver:1.4 192.168.2.22:5000/local_echoserver:1.4
$ docker push 192.168.2.22:5000/local_echoserver:1.4
The push refers to repository [192.168.2.22:5000/local_echoserver] ... 6cc9890d69b6: Pushed 1.4: digest: sha256:6eb2f60a3ca84e3c6c17c9a5a34dbd4f75ff1a1088011d118f5e53626db1ddb7 size: 2602
$ vi echo-server.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: echo-server spec: selector: matchLabels: app: echo-server template: metadata: labels: app: echo-server spec: containers: - name: echo-server image: 192.168.2.22:5000/local_echoserver:1.4 imagePullSecrets: - name: registry-credentialsNote the usage of imagePullSecrets (the authorization token) that references the secret that stores the credentials that are used to access the Docker registry.
$ kubectl apply -f echo-server.yaml
deployment.apps/echo-server created
$ kubectl get events
LAST SEEN TYPE REASON OBJECT MESSAGE 27s Normal Scheduled pod/echo-server-d855cd55-9sg2s Successfully assigned default/echo-server-d855cd55-9sg2s to minikube 26s Normal Pulling pod/echo-server-d855cd55-9sg2s Pulling image "192.168.2.22:5000/local_echoserver:1.4" 22s Normal Pulled pod/echo-server-d855cd55-9sg2s Successfully pulled image "192.168.2.22:5000/local_echoserver:1.4" 22s Normal Created pod/echo-server-d855cd55-9sg2s Created container echo-server 22s Normal Started pod/echo-server-d855cd55-9sg2s Started container echo-server 27s Normal SuccessfulCreate replicaset/echo-server-d855cd55 Created pod: echo-server-d855cd55-9sg2s 27s Normal ScalingReplicaSet deployment/echo-server Scaled up replica set echo-server-d855cd55 to 1