some-petabyte-4846

12/01/2022, 7:01 PM
Docker registry for test images. Is there a way to install docker registry within k3s so that we can use local docker registry for images just for testing and cleanup images every few days from within a cronjob in the cluster? Thanks in advance. Cheers

creamy-pencil-82913

12/01/2022, 8:25 PM
yes, you can run docker.io/library/registry inside k3s, same as anything else
On k3s at least you can put a Service in front of it and point registries.yaml at that service, and it will try to pull from it, and fall back to upstream if it’s not available
although Rancher Desktop uses its own version of containerd/cri-dockerd, and therefore doesn’t support registries.yaml
so you’d have to explicitly pull your images from that local registry

some-petabyte-4846

12/01/2022, 8:27 PM
Thanks @creamy-pencil-82913, but I do not want my images to go out of the cluster and push and push just works from within cluster. Reason is experimental images can be in local cluster only for single sprint until the images pass QA we keep rebuilding them every day

fast-garage-66093

12/01/2022, 8:27 PM
I wrote some code for testing registry credential support that creates an internal registry: https://github.com/rancher-sandbox/rancher-desktop/blob/main/bats/tests/registry/creds.bats
It obviously relies on the test framework definitions, but you can probably extract the relevant information to set this up yourself. It does use a fake registry.internal name for the registry and even creates SSL certs for it. $CRCTL would be docker or nerdctl, depending on which container engine you are using. The rest of the variables are hopefully self-explanatory.

some-petabyte-4846

12/01/2022, 8:30 PM
Interesting idea @fast-garage-66093, thanks for sharing the code. Somewhat I wanted to write in Go but probably simpler than that
I use nerdctl
Thanks 🙏 both of you gentlemen :-)
I will give it a whirl shortly

fast-garage-66093

12/01/2022, 8:31 PM
This is just a test script to verify that logging into private registries works in different scenarios. The one piece still missing is using client certificates instead of basic auth

some-petabyte-4846

12/01/2022, 8:34 PM
For local cluster on my MacBook it is ok to just use basic auth
I can add client cert bit later on if required and contribute back to you cheers

fast-garage-66093

12/01/2022, 8:35 PM
I think we may be missing the bit where we import the client certs from the host into the VM on Windows, but it should already work on macOS and Linux
It should be trivial to add on Windows; I think we just forgot to do it

some-petabyte-4846

12/01/2022, 8:36 PM
Cool beans
I am not a Windows user so no worries, thanks

fast-garage-66093

12/01/2022, 8:39 PM
I just realized you asked about setting it up in k3s; my example code deploys it directly to the container runtime, and not on top of k3s, in case that makes a difference to you. You should still be able to use the images from k3s though.

some-petabyte-4846

12/01/2022, 8:40 PM
Even better because I just use the dev k3s rancher desktop for developing developer pods for developers with custom stuff in the images of these pods
Developers then use real private enterprise registry but while I am developing solutions I just want to rebuild images each time with each change or time stamp as the tag
We could even build images 100s of times each day for testing and QA automated tests etc automatically
We just want to keep rebuilding until the images are stable for X amount of time from the dev branch
Images qa matrix each day