Anto Subash.

MicroK8s - Getting Started - Part 3

Deploy docker registry and postgres database in MicroK8s


Introduction

In this post we will see how to deploy and secure a docker registry and how to deploy a postgres database in MicroK8s. Along the way we will connect to the created registry, create a secret in Kubernetes and use it in a deployment, and create a persistent volume and use it in a deployment.

Parts

Part 1. Setup MicroK8s With Ubuntu

Part 2. Setup Nginx and cert-manager in MicroK8s

Part 3. Deploy docker registry and postgres database in MicroK8s (this post)

Part 4. Create and deploy .Net application in MicroK8s

Docker Registry

Registry login info

First, let's create a username and password and store them in a registry.password file.

touch registry.password

Now let's generate the username and password entry.

docker run --entrypoint htpasswd httpd:2 -Bbn youruser yourpassword

Make sure to replace youruser and yourpassword with your own username and password.

This prints the username and the bcrypt-hashed password (-B selects bcrypt). To store them, copy the output and paste it into the registry.password file.
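The registry's htpasswd authentication only accepts bcrypt entries, so a truncated or mis-pasted line locks you out after deployment. The following check is an added example, not part of the original post; the function name check_htpasswd and the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Check that every non-empty line of an htpasswd file is "user:<bcrypt hash>".
# Prints the offending line numbers; returns 0 only if all entries are bcrypt.
check_htpasswd() {
    awk -F: '
        /^[ \t]*$/ { next }     # htpasswd -n prints a trailing blank line
        {
            entries++
            # bcrypt: $2a$/$2b$/$2y$, two-digit cost, 53 more characters (60 in total)
            ok = (NF == 2 && $1 != "" && length($2) == 60 &&
                  $2 ~ "^\\$2[aby]\\$[0-9][0-9]\\$[./A-Za-z0-9]+$")
            if (!ok) { bad++; printf "line %d: not a bcrypt entry\n", NR }
        }
        END { if (entries == 0 || bad > 0) exit 1 }
    ' "$1"
}

# Constructed sample: a fake bcrypt entry (53 zeros stand in for salt and hash).
sample=$(mktemp)
printf 'youruser:$2y$05$%053d\n\n' 0 > "$sample"
check_htpasswd "$sample" && echo "registry.password format OK"
rm -f "$sample"
```

Run it as check_htpasswd registry.password before creating the auth-secret.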

Deploy registry

Let's create a namespace for the registry.

microk8s kubectl create namespace registry

Let's create a secret for the registry.

microk8s kubectl create secret generic auth-secret --from-file=registry.password -n registry

Now we have the auth-secret created. Let's create the secret for the docker registry.

microk8s kubectl create secret docker-registry regcred -n default --docker-server=registry.yourdomain.com --docker-username=youruser --docker-password=yourpassword --docker-email=myemail@something.com

Make sure to replace registry.yourdomain.com with your registry's domain name, and youruser and yourpassword with the username and password you created earlier.

Let's create the folder for the registry.

mkdir /mnt/registry

lets create the registry deployment.

apiVersion: v1
kind: Namespace
metadata:
  name: registry
  labels:
    app: registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
      - name: registry
        resources:
          requests:
            memory: "100Mi"
            cpu: "250m"
          limits:
            memory: "200Mi"
            cpu: "500m"
        image: registry:2
        ports:
        - containerPort: 5000
        volumeMounts:
        - name: repo-vol
          mountPath: "/var/lib/registry"
        - name: certs-vol
          mountPath: "/certs"
          readOnly: true
        - name: auth-vol
          mountPath: "/auth"
          readOnly: true
        env:
        # htpasswd authentication, using the file from auth-secret
        - name: REGISTRY_AUTH
          value: "htpasswd"
        - name: REGISTRY_AUTH_HTPASSWD_REALM
          value: "Registry Realm"
        - name: REGISTRY_AUTH_HTPASSWD_PATH
          value: "/auth/registry.password"
        # TLS certificate and key, mounted from registry-tls-secret
        - name: REGISTRY_HTTP_TLS_CERTIFICATE
          value: "/certs/tls.crt"
        - name: REGISTRY_HTTP_TLS_KEY
          value: "/certs/tls.key"
        - name: VIRTUAL_HOST
          value: "registry.kdev.antosubash.com"

      volumes:
      - name: repo-vol
        hostPath:
          # directory location on host
          path: /mnt/registry
          # this field is optional
          type: Directory
      - name: certs-vol
        secret:
          secretName: registry-tls-secret
      - name: auth-vol
        secret:
          secretName: auth-secret
---
apiVersion: v1
kind: Service
metadata:
  name: docker-registry
  namespace: registry
spec:
  selector:
    app: registry
  ports:
  - port: 5000
    targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
  annotations:
    cert-manager.io/cluster-issuer: "lets-encrypt"
    # the registry itself serves TLS, so nginx must talk HTTPS to the backend
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-body-size: 1024m
spec:
  tls:
  - hosts:
    - registry.kdev.antosubash.com
    secretName: registry-tls-secret
  rules:
  - host: registry.kdev.antosubash.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: docker-registry
            port:
              number: 5000

Make sure to replace registry.kdev.antosubash.com with your domain name.

Apply the deployment.

microk8s kubectl apply -f registry.yml

Let's check the pods.

microk8s kubectl get pods -n registry

Let's check the services.

microk8s kubectl get services -n registry

Let's check the ingress.

microk8s kubectl get ingress -n registry

Now we have the registry deployed. Let's test it.

docker login registry.kdev.antosubash.com

Make sure to replace registry.kdev.antosubash.com with your domain name.

If you managed to log in to the registry, then you have successfully deployed the registry.

Postgres Database

For this post, I am using the postgres database. You can use any database you want. I will be using the postgres database because it is the database I am most familiar with.

We will use a PersistentVolume to store the database data, so let's make sure we have the storage addon enabled.

microk8s status

If the storage addon is not enabled, then enable it.

microk8s enable hostpath-storage

Now we have the storage addon enabled. Let's deploy the postgres database.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
spec:
  accessModes: [ReadWriteOnce]
  resources: { requests: { storage: 5Gi } }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  labels:
    app: postgres
    name: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
      task: postgres
  template:
    metadata:
      labels:
        app: postgres
        task: postgres
    spec:
      containers:
        - name: postgres
          image: kartoza/postgis:12.0
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: "test"
            - name: POSTGRES_USER
              value: postgres
            - name: POSTGRES_PASS
              value: "my_postgres_password"
            - name: --auth
              value: "md5"
            - name: POSTGRES_MULTIPLE_EXTENSIONS
              value: "postgis,hstore,postgis_topology"
          resources:
            requests:
              memory: "100Mi"
              cpu: "250m"
            limits:
              memory: "200Mi"
              cpu: "500m"
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  ports:
    - port: 5432
      targetPort: 5432
  selector:
    app: postgres
    task: postgres
---
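The manifest above writes POSTGRES_PASS inline, so the password is visible to anyone who can read the file or the Deployment object. The following check is an added example, not part of the original post: it flags inline credential values in a manifest and shows the same entry read from a Secret. The function name find_literal_secrets and the Secret name postgres-secret with its password key are assumptions.

```shell
#!/bin/sh
# Report env entries whose name looks like a credential and whose value is
# written inline. Prints "line N: NAME"; returns 1 if any are found.
find_literal_secrets() {
    awk '
        /^[ \t]*-[ \t]*name:/ {      # start of an env (or other list) entry
            name = $NF; gsub(/"/, "", name); line = NR
            next
        }
        # an inline value directly under a credential-like name
        /^[ \t]*value:/ && NR == line + 1 && toupper(name) ~ /PASS|SECRET|TOKEN/ {
            printf "line %d: %s\n", line, name
            found = 1
        }
        END { exit found + 0 }
    ' "$1"
}

# Constructed sample 1: the credential as the postgres manifest above sets it.
weak=$(mktemp)
cat > "$weak" <<'EOF'
          env:
            - name: POSTGRES_USER
              value: postgres
            - name: POSTGRES_PASS
              value: "my_postgres_password"
EOF

# Constructed sample 2: the same entry read from a Secret instead.
# "postgres-secret" and its "password" key are assumed names, created with e.g.
#   microk8s kubectl create secret generic postgres-secret --from-file=password=<file>
fixed=$(mktemp)
cat > "$fixed" <<'EOF'
          env:
            - name: POSTGRES_USER
              value: postgres
            - name: POSTGRES_PASS
              valueFrom:
                secretKeyRef:
                  name: postgres-secret
                  key: password
EOF

find_literal_secrets "$weak" || echo "weak sample: inline credential found"
find_literal_secrets "$fixed" && echo "fixed sample: no inline credentials"
rm -f "$weak" "$fixed"
```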

Apply the deployment.

microk8s kubectl apply -f postgres.yml

Let's check the pods.

microk8s kubectl get pods

Let's check the services.

microk8s kubectl get services

Let's check the persistent volume claim.

microk8s kubectl get pvc

Now we have the postgres database deployed. Let's test it.

To test the database, we will use the adminer tool. You can use any tool you want.

We will deploy the adminer tool.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgweb
spec:
  selector:
    matchLabels:
      app: pgweb
  template:
    metadata:
      labels:
        app: pgweb
    spec:
      containers:
      - name: pgweb
        image: adminer
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: pgweb-service
spec:
  selector:
    app: pgweb
  ports:
  - port: 8080
    targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgweb-ingress
  labels:
    name: pgweb-ingress
  annotations:
    kubernetes.io/ingress.class: "public"
    cert-manager.io/cluster-issuer: "lets-encrypt"
spec:
  tls:
    - hosts:
      - pgweb.kdev.antosubash.com
      secretName: pgweb-tls
  rules:
  - host: pgweb.kdev.antosubash.com
    http:
      paths:
      - pathType: Prefix
        path: "/"
        backend:
          service:
            name: pgweb-service
            port:
              number: 8080

Apply the deployment.

microk8s kubectl apply -f pgweb.yml

Let's check the pods.

microk8s kubectl get pods

Let's check the services.

microk8s kubectl get services

Let's check the ingress.

microk8s kubectl get ingress

Now we have the adminer tool deployed. Let's test it.

Make sure to replace pgweb.kdev.antosubash.com with your domain name.

Let's visit the adminer tool at https://pgweb.kdev.antosubash.com and log in with the following credentials.

System: PostgreSQL
Server: postgres.default.svc.cluster.local
Username: postgres
Password: my_postgres_password
Database: test

Conclusion

In this post, we have deployed the docker registry and postgres database to the MicroK8s cluster. We have also deployed the adminer tool to test the database. In the next post, we will deploy a simple dotnet core application to the MicroK8s cluster.

Part 4. Create and deploy .Net application in MicroK8s

Credits

Docker registry is secured based on this post https://timvw.be/2021/11/08/hosting-a-secure-registry-on-microk8s/
