Setting up a local Kubernetes cluster with insecure registries
Setting up a local Minikube is a straightforward process, but if you want to use insecure registries in development then it might get a little bit tricky. This article is a short guide to make it run.
Minikube Installation
Check their README for more details, in a Mac you would typically do this:
brew cask install virtualboxbrew install kubectl
Add the insecure registries
The important step here is that when you start minikube for the first time, pass the insecure-registry
flag:
minikube start --insecure-registry="your.private.repo:PORT"
The flag accepts one registry, if you have more, pass it several times. If you have started previously Minikube without the flag, delete the machine and don’t lose more time. I will repeat it because you might keep going and lose all morning. If you have started minikube and didn’t pass the flag, delete the machine:
minikube delete
And this is probably all the advice you needed today :)
So start minikube with the insecure registry flag and now enable the registry credentials add-on:
minikube addons configure registry-creds
minikube addons enable registry-creds
You will be prompted to add AWS, Google or Docker registries. Add the URL of your private Docker here.
Now check the VM has access to the registry manually:
minikube ssh
docker login your.private.repo
docker pull your.private.repo/whatever-image
At this point you should be able to use images from your private registry ignoring the certificates. If you keep seeing “x509: certificate signed by unknown authority” follow your steps back.
Kubernetes will need to have a secret in order to get access to the images:
kubectl create secret docker-registry my-secret --docker-server="https://your.private.repo" --docker-username=”USER” --docker-password=”PASS” --docker-email=”YOU@COMPANY”
Done!
At this point you can start working with Kubernetes and the private images will be sucessfully taken from the registry.
Enjoy!