A Docker registries operator for Kubernetes, developed inside the Kubic project.
- Automatic installation of registries certificates based on some CRDs.
-
load the operator with
kubectl apply -f https://raw.githubusercontent.com/kubic-project/registries-operator/master/deployments/registries-operator-full.yaml
-
once the operator is running, store the certificate for your registry in a Secret with:
kubectl create secret generic suse-ca-crt --from-file=ca.crt=/etc/pki/trust/anchors/SUSE_CaaSP_CA.crt -n kube-system
where
/etc/pki/trust/anchors/SUSE_CaaSP_CA.crt
is the certificate andsuse-ca-crt
is the Secret. -
create a
Registry
object like this:# registry.yaml apiVersion: "kubic.opensuse.org/v1beta1" kind: Registry metadata: name: suse-registry namespace: kube-system spec: hostPort: "registry.suse.de:5000" # secret with the ca.crt used for pulling images from this registry certificate: name: suse-ca-crt namespace: kube-system
then you can load it with
kubectl apply -f registry.yaml
. -
once this is done, the
suse-ca-crt
should automatically appear in all the machines in your cluster, and all the Docker daemons in your cluster will be able topull
from that registry automatically.
- See the development documentation if you intend to contribute to this project.
- the registries-operator image in the Docker Hub.
- the kubic-init container, a container for bootstrapping a Kubernetes cluster on top of MicroOS (an openSUSE-Tumbleweed-based OS focused on running containers).
- the Kubic Project home page.