(Inside of Kubernetes since Azure Container Registry isn't available in Azure Government)
TBD
TBD
- Create Azure Storage account for registry Azure File Share
az storage account create -g <RESOURCE_GROUP> -n <ACCOUNT_NAME> -l <LOCATION> az storage share create --account-name <ACCOUNT_NAME> -n registry
- Copy template to .ignore file (.ignore extension prevents accidental commit of the file with secrets)
cp registry/deployment.secret.yaml registry/deployment.secret.yaml.ignore
- Get Azure Storage account name and key, base 64 encode it, and replace it in
deployment.secret.yaml.ignorebase64 <ACCOUNT_NAME> #Copy this value into the yaml.ignore file's azurestorageaccountname az storage account keys list -g <RESOURCE_GROUP> -n <ACCOUNT_NAME> base64 <KEY1_VALUE> #Copy this value into the yaml.ignore file's azurestorageaccountkey
- Deploy Azure Storage secret
kubectl create -f registry/deployment.secret.yaml.ignore
- Deploy registry
kubectl create -f registry/deployment.yaml
- Expose registry
kubectl expose service registry
IGNORE - ONLY NEEDED IF NOT USSING SSL (nginx ingress & lego ingress)
- Expose as LoadBalancer instead of default ClusterIP:
kubectl expose deployment registry --type=LoadBalancer
- Get the public IP address for hte registry
kubectl get service registry
- Add a DNS name to that IP in Azure
az network public-ip update -n <NAME_OF_IP> -g <RESOURCE_GROUP> --dns-name <NAMING_PREFIX>-registry
- Create storage account through ARM template
- Scale (at least add another replica)
- Start with 1 replica (
docker pushdoesn't work across multiple) - Then add more replicas for
docker pull?
- Start with 1 replica (
- Add SSL cert and DNS entry
- Add Auth
- Make service part of config not a command
Setup SSL for the Docker registry
https://docs.docker.com/registry/ https://docs.docker.com/registry/deploying/