Akom's Tech Ruminations

Various tech outbursts - code and solutions to practical problems
Random Entry: Nagios check_ntp quits working in 2009 with Offset unknown
< Bootstrapping S3/CloudFront with LetsEncrypt

Automating minikube configuration to log in to a Docker Private Registy.

Posted by Admin • Tuesday, March 14. 2023 • Category: DevOps

In CI, I am using minikube for local testing on my nodes.  In the name of repeatable builds, I completely rebuild minikube after each build (minikube delete, minikube start).   I am also using an internal Docker Private Registry (DPR or DTR).  Same methodology applies if you are using Google Container Registry or the Amazon equivalent.  In order to authenticate to DPR, I am using the registry-creds addon.  It is normally configured interactively:

$ minikube addons configure registry-creds

Do you want to enable Docker Registry? [y/n]: y

It then asks you some questions and expects user input.  

Automating

I want this automated, as it will be running several times an hour.  The addon config does not take any parameters, so I'm taking a different approach.  The configure step creates some credentials in k8s, and it is possible to transfer them from one cluster to another.  This is how I am doing it:


Log in manually (once)

Go through the configure steps manually once, then:

$ kubectl get secrets                                                                                                                                                                  
NAME          TYPE                             DATA   AGE                                               
acr-secret    kubernetes.io/dockerconfigjson   1      2m22s
awsecr-cred   kubernetes.io/dockerconfigjson   1      2m23s
dpr-secret    kubernetes.io/dockerconfigjson   1      2m23s                                                                                                                                                       
gcr-secret    Opaque                           0      2m23s

Attention: there seems to be a delay (a minute or so) before secrets appear, possibly after you enable the addon

Note that you now have some secrets in k8s.  Since I care about DPR, I want dpr-secret:

$ kubectl get secret dpr-secret -o yaml > dpr-login.yaml

Now I can apply this yaml on all my CI machines, in some automated way:

$ kubectl apply -f dpr-login.yaml

Then, I need to enable the addon:

$ minikube addons enable registry-creds

And I'm done.  If your Docker Registry is insecure (eg using self-signed certs), you'll need to add an option to your minikube start command, eg:

$ minikube start --insecure-registry my.registry.domain

Other Methods

If you are using minikube with docker, you can simply log into your registry with docker using

$ docker login my.registry.domain

This is, again, interactive, but you can use the same approach and copy the ~/.docker/config.json to all your nodes once you've done this once.

The reason I am not using this approach is because I'm using kvm2 driver with minikube instead of docker.

0 Trackbacks

Trackback specific URI for this entry
  1. No Trackbacks

0 Comments

Display comments as (Linear | Threaded)
  1. No comments

Add Comment


You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
Markdown format allowed


Submitted comments will be subject to moderation before being displayed.