If you are deploying an ONAP component independently (not coupled with the ONAP chart), then you can create the secret as below:
kubectl create secret docker-registry onap-docker-registry-key --docker-server=nexus3.onap.org:10001 --docker-username=docker --docker-password=docker --docker-email=@ --namespace onap
Note: here I am using the onap namespace to deploy components.
Take a look at the onap chart template directory:
onap/templates/secrets.yaml
onap/templates/clusterrolebinding.yaml
Dominic Lunanuova
On Ubuntu 16.04 the following would work:
cat /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001 --insecure-registry=xx.xx.xx.xx:5000
If you want, you can also include --max-concurrent-downloads=9 (however, this depends on system CPUs).
systemctl daemon-reload
systemctl restart docker
Later, check docker info.
If you want the insecure docker registry to act as a proxy to nexus3, then you need to start docker as follows:
docker run -d -p 5000:5000 --restart=unless-stopped --name registry -v /opt/docker-registry:/var/lib/registry -e REGISTRY_PROXY_REMOTEURL=https://nexus3.onap.org:10001 registry:2
Note: in my case the -v volume is externally mounted. If you don't have an external disk, then you don't have to use the volume option.
Steps to add a local insecure docker registry to your kubernetes cluster:
{
  "insecure-registries": [
    "10.12.5.45:5000"
  ]
}
Other notes:
My install already had a file /etc/systemd/system/docker.service.d/docker.conf which had an existing setting for --insecure-registry. i.e.
$ cat /etc/systemd/system/docker.service.d/docker.conf
[Service]
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
References:
https://giovanni.wordpress.com/2016/03/16/how-to-use-a-private-docker-registry-from-kubernetes/
https://docs.docker.com/config/daemon/systemd/#start-the-docker-daemon
https://docs.docker.com/engine/reference/commandline/dockerd//#daemon-configuration-file
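The two places this thread sets insecure registries (the --insecure-registry flag in the systemd drop-in and the insecure-registries key in the JSON file) can be audited together: each entry is a registry the daemon will talk to without requiring verified TLS, and dockerd refuses to start when the same option is given both as a flag and in its configuration file. The following Python is an added example, not code from the posters; the function names are hypothetical, the sample inputs are the snippets shown above, and it assumes the JSON is the content of /etc/docker/daemon.json.

```python
import json
import shlex


def flag_registries(unit_text):
    """Registries passed as --insecure-registry on ExecStart lines of a unit or drop-in."""
    found = []
    for line in unit_text.splitlines():
        line = line.strip()
        if not line.startswith("ExecStart="):
            continue
        args = shlex.split(line[len("ExecStart="):])  # an empty "ExecStart=" reset yields []
        for i, arg in enumerate(args):
            if arg.startswith("--insecure-registry="):
                found.append(arg.split("=", 1)[1])
            elif arg == "--insecure-registry" and i + 1 < len(args):
                found.append(args[i + 1])
    return found


def file_registries(daemon_json_text):
    """Registries listed under insecure-registries in daemon.json ('' means no file)."""
    if not daemon_json_text.strip():
        return []
    return list(json.loads(daemon_json_text).get("insecure-registries", []))


def audit(unit_text, daemon_json_text):
    """Combine both sources and flag the flag-plus-file clash that stops dockerd starting."""
    flags = flag_registries(unit_text)
    files = file_registries(daemon_json_text)
    return {
        "flag": flags,
        "file": files,
        "conflict": bool(flags) and bool(files),
        "all": sorted(set(flags) | set(files)),  # every registry exempt from TLS checks
    }


# Sample inputs: the drop-in and JSON snippets quoted in the thread above.
DROPIN = """[Service]
ExecStart=/usr/bin/dockerd -H fd:// --insecure-registry=nexus3.onap.org:10001
"""
DAEMON_JSON = '{"insecure-registries": ["10.12.5.45:5000"]}'

if __name__ == "__main__":
    print(audit(DROPIN, DAEMON_JSON))
```

On a real host, pass the contents of the drop-in and of daemon.json instead of the sample strings; a report with "conflict" set means one of the two sources has to be emptied before restarting docker.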
In my WindRiver environment, I have the following hosts:
I am able to deploy helm charts successfully as long as they reference images already in nexus3. However, I want to be able to create new containers and test them prior to pushing to nexus3. But when I update the value of the repository: attribute in values.yaml, it doesn't seem to work. No matter if I leave the repository attribute as null, or put the IP address:Port of my docker registry, it fails without identifying the registry it is trying to pull from. e.g. I get:
Failed to pull image "onap/aaf/aaf_agent:2.1.2-SNAPSHOT": rpc error: code = Unknown desc = Error response from daemon: repository onap/aaf/aaf_agent not found: does not exist or no pull access
Error syncing pod
I suspect this has to do with needing to configure kubernetes to add an insecure registry. What are the general instructions for doing this on a kubernetes cluster?
I had two problems:
The first problem was masking the behavior of the 2nd problem. But if you avoid making that first mistake, at least you will see clearer errors that you really don't have access to the registry.
Note to self on the docker cmds needed on the build server.
docker build . --tag ${image}:${ver}
docker tag ${image}:${ver} 10.12.5.45:5000/${image}:${ver}
docker push 10.12.5.45:5000/${image}:${ver}