Steps#
Tips: add k3s completion bash#
Add bash completion
1
2
3
4
5
6
| cat << EOF | tee -a ~/.profile
source <(sudo k3s kubectl completion bash)
alias k='kubectl'
alias kubectl='sudo k3s kubectl'
complete -o default -F __start_kubectl k
EOF
|
Reload profile
Get the registry cert#
1
| $ sudo mkdir -p /certs/registry.lab7.local && cd /certs/registry.lab7.local
|
You can copy your certs to the node, or download it if you put on webserver, then the cert to the directory.
Make registry configuration for k3s#
1
| $ sudo nano /etc/rancher/k3s/registries.yaml
|
1
2
3
4
5
6
7
8
9
10
11
12
| # add this, depends on our setting before
mirrors:
"registry.lab7.local":
endpoint:
- "https://registry.lab7.local"
configs:
"registry.lab7.local":
auth:
username: admin
password: gladiators88
tls:
ca_file: "/certs/registry.lab7.local/server.crt"
|
Then restart your k3s service
1
| $ sudo systemctl restart k3s.service
|
Testing#
Create a pod with image from the registry
1
2
3
4
5
6
7
8
9
10
11
12
| cat << EOF | tee nginx-lab7.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx-lab7
spec:
containers:
- image: registry.lab7.local/nginx:alpine
name: nginx
dnsPolicy: ClusterFirst
restartPolicy: Always
EOF
|
1
| $ kubectl apply -f nginx-lab7.yaml
|
Verify
1
2
3
4
5
6
7
8
9
10
11
| $ kubectl get pod
#output
NAME READY STATUS RESTARTS AGE
nginx-lab7 1/1 Running 0 2d12h
$ kubectl describe pod nginx-lab7 | grep -i image
#output
Image: registry.lab7.local/nginx:alpine
Image ID: registry.lab7.local/nginx@sha256:2c8018e59b9ce43bd27955c844c85667409a96ecaa5180fa663cd6008ccdc663
|
There you go, our k3s finally connect to a private registry :D
Refference:#