Page History

...

Code Block

[root@k8s-worker01 ~]# docker swarm init --advertise-addr 52.231.65.113
Swarm initialized: current node (0zhxqeqg5zcidk4mte87htlej) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-2pe05um3cnu3z8ktyxkjmozujgmmvffdct4dz81bd2dghurjyr-eu3oqllp4b637iksavox60t0x \
    52.231.65.113:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]# docker secret create domain.crt certs/domain.crt
ulpoxrnjasokhz9tv3yx0cocy
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]# docker secret create domain.key certs/domain.key
5gbj3r3s81bmxp4s1ueduzdtm
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]# docker node ls
ID                           HOSTNAME      STATUS  AVAILABILITY  MANAGER STATUS
0zhxqeqg5zcidk4mte87htlej *  k8s-worker01  Ready   Active        Leader
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]# docker node update --label-add registry=true 0zhxqeqg5zcidk4mte87htlej
0zhxqeqg5zcidk4mte87htlej
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]# docker service create \
>   --name registry \
>   --secret domain.crt \
>   --secret domain.key \
>   --constraint 'node.labels.registry==true' \
>   --mount type=bind,src=/mnt/registry,dst=/var/lib/registry \
>   -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
>   -e REGISTRY_HTTP_TLS_CERTIFICATE=/run/secrets/domain.crt \
>   -e REGISTRY_HTTP_TLS_KEY=/run/secrets/domain.key \
>   --publish published=443,target=443 \
>   --replicas 1 \
>   registry:2
7bzq5bkrm51i9nmjtyaqyizkq
[root@k8s-worker01 ~]#
[root@k8s-worker01 ~]# mkdir auth
[root@k8s-worker01 ~]# docker run \
>   --entrypoint htpasswd \
>   registry:2 -Bbn testuser testpassword > auth/htpasswd
[root@k8s-worker01 ~]# docker container stop registry
registry
[root@k8s-worker01 ~]# docker run -d \
>   -p 5000:5000 \
>   --restart=always \
>   --name registry2 \
>   -v "$(pwd)"/auth:/auth \
>   -e "REGISTRY_AUTH=htpasswd" \
>   -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
>   -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
>   -v "$(pwd)"/certs:/certs \
>   -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
>   -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
>   registry:2
fe488ab1873a563e868a336dfbdb962f10429d2adf813d41d7eb5b46a4f6c565

Info

$ docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 443:443 \
  registry:2

...

Page tree

Versions Compared

Old Version 7

New Version 8

Key