Introduction
In this post we will see how to deploy and secure a Docker registry and how to deploy a Postgres database in MicroK8s. We will also see how to connect to the registry, how to create a secret in Kubernetes and use it in the deployment, and how to create a persistent volume and use it in the deployment.
Parts
Part 1. Setup MicroK8s With Ubuntu
Part 2. Setup Nginx and cert-manager in MicroK8s
Part 3. Deploy docker registry and postgres database in MicroK8s (this post)
Part 4. Create and deploy .Net application in MicroK8s
Docker Registry
Registry login info
First, let's create a username and password and store them in the registry.password file.
touch registry.password
Let's create the username and password entry that will be stored in the registry.password file.
docker run --entrypoint htpasswd httpd:2 -Bbn youruser yourpassword
Make sure to replace youruser and yourpassword with your own username and password.
This prints the username and the bcrypt hash of the password (the -B option selects bcrypt). Copy the output and paste it into the registry.password file.
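The registry's htpasswd authentication accepts only bcrypt entries, so a line that was pasted incompletely or hashed with another scheme will not let you log in. The check below is an added example, not part of the original post; the function name check_htpasswd is an assumption, and it can be run on registry.password before the secret is created.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): preflight check for the htpasswd
# file before it is loaded into auth-secret.
# check_htpasswd FILE -> prints one line per problem; exit status 0 only when
# the file has at least one entry and every entry is "user:<bcrypt hash>".
check_htpasswd() (
  file=$1; n=0; bad=0
  cr=$(printf '\r')
  [ -r "$file" ] || { echo "cannot read $file"; exit 2; }
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line%"$cr"}                 # tolerate CRLF from copy and paste
    [ -n "$line" ] || continue         # htpasswd -n ends its output with a blank line
    n=$((n + 1))
    user=${line%%:*}
    hash=${line#*:}
    if [ "$user" = "$line" ] || [ -z "$user" ]; then
      echo "entry $n: not in user:hash form"; bad=1; continue
    fi
    # bcrypt: $2a$, $2b$ or $2y$, a two-digit cost, then 53 salt+digest characters
    if ! printf '%s' "$hash" | grep -Eq '^\$2[aby]\$[0-9]{2}\$[./A-Za-z0-9]{53}$'; then
      echo "entry $n ($user): hash is not bcrypt"; bad=1
    fi
  done < "$file"
  [ "$n" -gt 0 ] || { echo "no entries in $file"; bad=1; }
  exit "$bad"
)

# Run against the file given on the command line, e.g. registry.password.
if [ "$#" -gt 0 ]; then
  check_htpasswd "$1"
fi
```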
Deploy registry
Let's create a namespace for the registry.
microk8s kubectl create namespace registry
Let's create a secret for the registry from the registry.password file.
microk8s kubectl create secret generic auth-secret --from-file=registry.password -n registry
Now that the auth-secret is created, let's create the docker-registry secret, regcred, in the default namespace.
kubectl create secret docker-registry regcred -n default --docker-server=registry.yourdomain.com --docker-username=youruser --docker-password=yourpassword --docker-email=myemail@something.com
Make sure to replace registry.yourdomain.com with your own domain name, and youruser and yourpassword with the username and password you created earlier.
Let's create the folder for the registry.
mkdir /mnt/registry
Let's create the registry deployment. Save the following as registry.yml.
apiVersion: v1
kind: Namespace
metadata:
  name: registry
  labels:
    app: registry
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          resources:
            requests:
              memory: "100Mi"
              cpu: "250m"
            limits:
              memory: "200Mi"
              cpu: "500m"
          image: registry:2
          ports:
            - containerPort: 5000
          volumeMounts:
            - name: repo-vol
              mountPath: "/var/lib/registry"
            - name: certs-vol
              mountPath: "/certs"
              readOnly: true
            - name: auth-vol
              mountPath: "/auth"
              readOnly: true
          env:
            - name: REGISTRY_AUTH
              value: "htpasswd"
            - name: REGISTRY_AUTH_HTPASSWD_REALM
              value: "Registry Realm"
            - name: REGISTRY_AUTH_HTPASSWD_PATH
              value: "/auth/registry.password"
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: "/certs/tls.crt"
            - name: REGISTRY_HTTP_TLS_KEY
              value: "/certs/tls.key"
            - name: VIRTUAL_HOST
              value: "registry.kdev.antosubash.com"

      volumes:
        - name: repo-vol
          hostPath:
            # directory location on host
            path: /mnt/registry
            # this field is optional
            type: Directory
        - name: certs-vol
          secret:
            secretName: registry-tls-secret
        - name: auth-vol
          secret:
            secretName: auth-secret
---
apiVersion: v1
kind: Service
metadata:
  name: docker-registry
  namespace: registry
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: registry
  namespace: registry
  labels:
    app: registry
  annotations:
    cert-manager.io/cluster-issuer: "lets-encrypt"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/proxy-body-size: 1024m
spec:
  tls:
    - hosts:
        - registry.kdev.antosubash.com
      secretName: registry-tls-secret

  rules:
    - host: registry.kdev.antosubash.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: docker-registry
                port:
                  number: 5000
Make sure to replace registry.kdev.antosubash.com with your domain name.
Apply the deployment.
microk8s kubectl apply -f registry.yml
Let's check the pods.
microk8s kubectl get pods -n registry
Let's check the services.
microk8s kubectl get services -n registry
Let's check the ingress.
microk8s kubectl get ingress -n registry
Now we have the registry deployed. Let's test it.
docker login registry.kdev.antosubash.com
Make sure to replace registry.kdev.antosubash.com with your domain name.
If you managed to log in to the registry, then you have successfully deployed the registry.
Postgres Database
For this post, I am using the Postgres database. You can use any database you want. I will be using the Postgres database because it is the database I am most familiar with.
We will use a PersistentVolume to store the database data, so let's make sure we have the storage addon enabled.
microk8s status
If the storage addon is not enabled, then enable it.
microk8s enable hostpath-storage
Now we have the storage addon enabled. Let's deploy the Postgres database. Save the following as postgres.yml.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: postgres-pvc
spec:
  accessModes: [ReadWriteOnce]
  resources: { requests: { storage: 5Gi } }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: postgres
  labels:
    app: postgres
    name: postgres
spec:
  replicas: 1
  selector:
    matchLabels:
      app: postgres
      task: postgres
  template:
    metadata:
      labels:
        app: postgres
        task: postgres
    spec:
      containers:
        - name: postgres
          image: kartoza/postgis:12.0
          ports:
            - containerPort: 5432
          env:
            - name: POSTGRES_DB
              value: "test"
            - name: POSTGRES_USER
              value: postgres
            # placeholder password; replace it with your own
            - name: POSTGRES_PASS
              value: "my_postgres_password"
            - name: --auth
              value: "md5"
            - name: POSTGRES_MULTIPLE_EXTENSIONS
              value: "postgis,hstore,postgis_topology"
          resources:
            requests:
              memory: "100Mi"
              cpu: "250m"
            limits:
              memory: "200Mi"
              cpu: "500m"
          volumeMounts:
            - name: postgres-data
              mountPath: /var/lib/postgresql
      volumes:
        - name: postgres-data
          persistentVolumeClaim:
            claimName: postgres-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: postgres
  labels:
    app: postgres
spec:
  ports:
    - port: 5432
      targetPort: 5432
  selector:
    app: postgres
    task: postgres
---
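The manifest above sets POSTGRES_PASS as a literal value, so the password is stored wherever postgres.yml is stored. The scan below is an added example, not part of the original post: a line-based heuristic (the function name find_literal_secrets and the name suffixes it matches are assumptions) that reports env entries whose name looks like a credential and whose value is written inline, without printing the value.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): flag credentials written inline
# in a manifest's env list. Line-based heuristic, not a YAML parser.
# find_literal_secrets FILE... -> prints "file:line: NAME ..." per finding;
# returns 1 if anything was found, 0 otherwise. The value is never printed.
find_literal_secrets() {
  awk '
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    /^[ \t]*-[ \t]*name:[ \t]*/ {                # list item: remember its name
      name = $0
      sub(/^[ \t]*-[ \t]*name:[ \t]*/, "", name)
      gsub(/[" \t]/, "", name)
      next
    }
    /^[ \t]*value:/ {                            # literal value right after the name
      if (name != "" && toupper(name) ~ /(PASS|PASSWORD|PASSWD|SECRET|TOKEN)$/) {
        print FILENAME ":" FNR ": " name " is set from a literal value"
        found = 1
      }
      name = ""
      next
    }
    { name = "" }                                # valueFrom: and anything else resets
    END { exit (found ? 1 : 0) }
  ' "$@"
}

# Run against the files given on the command line, e.g. postgres.yml.
if [ "$#" -gt 0 ]; then
  find_literal_secrets "$@"
fi
```

An entry it reports can instead be read from a Kubernetes Secret through valueFrom.secretKeyRef.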
Apply the deployment.
microk8s kubectl apply -f postgres.yml
Let's check the pods.
microk8s kubectl get pods
Let's check the services.
microk8s kubectl get services
Let's check the persistent volume claim.
microk8s kubectl get pvc
Now we have the Postgres database deployed. Let's test it.
To test the database, we will use the adminer tool. You can use any tool you want.
We will deploy the adminer tool. Save the following as pgweb.yml.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pgweb
spec:
  selector:
    matchLabels:
      app: pgweb
  template:
    metadata:
      labels:
        app: pgweb
    spec:
      containers:
        - name: pgweb
          image: adminer
          resources:
            limits:
              memory: "128Mi"
              cpu: "500m"
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: pgweb-service
spec:
  selector:
    app: pgweb
  ports:
    - port: 8080
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pgweb-ingress
  labels:
    name: pgweb-ingress
  annotations:
    kubernetes.io/ingress.class: "public"
    cert-manager.io/cluster-issuer: "lets-encrypt"
spec:
  tls:
    - hosts:
        - pgweb.kdev.antosubash.com
      secretName: pgweb-tls
  rules:
    - host: pgweb.kdev.antosubash.com
      http:
        paths:
          - pathType: Prefix
            path: "/"
            backend:
              service:
                name: pgweb-service
                port:
                  number: 8080
Apply the deployment.
microk8s kubectl apply -f pgweb.yml
Let's check the pods.
microk8s kubectl get pods
Let's check the services.
microk8s kubectl get services
Let's check the ingress.
microk8s kubectl get ingress
Now we have the adminer tool deployed. Let's test it.
Make sure to replace pgweb.kdev.antosubash.com with your domain name.
Let's visit the adminer tool at https://pgweb.kdev.antosubash.com and log in with the following credentials.
System: PostgreSQL
Server: postgres.default.svc.cluster.local
Username: postgres
Password: my_postgres_password
Database: test
Conclusion
In this post, we have deployed the Docker registry and Postgres database to the MicroK8s cluster. We have also deployed the adminer tool to test the database. In the next post, we will deploy a simple dotnet core application to the MicroK8s cluster.
Part 4. Create and deploy .Net application in MicroK8s
Credits
Docker registry is secured based on this post https://timvw.be/2021/11/08/hosting-a-secure-registry-on-microk8s/