Skip to content

Setting Up a Private Docker Registry with LKE and Object Storage Proposed Changes #7191

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Rajakavitha1 opened this issue Feb 11, 2025 · 1 comment
Closed

Setting Up a Private Docker Registry with LKE and Object Storage Proposed Changes #7191

Rajakavitha1 opened this issue Feb 11, 2025 · 1 comment
Assignees
@Rajakavitha1
Labels
inaccurate guide

Comments

@Rajakavitha1
Copy link
Collaborator

Link: https://www.linode.com/docs/guides/how-to-setup-a-private-docker-registry-with-lke-and-object-storage/

Issue

You may want to see about updating this doc. I ran into an error on creating the container registry at 'install cert-manager' step 5 and get the following error:
$ helm install cert-manager jetstack/cert-manager --namespace cert-manager
Error: INSTALLATION FAILED: failed post-install: 1 error occurred:
       * timed out waiting for the condition

I was able to work around it by using the following command:

$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.17.0 --set crds.enabled=true

Suggested Fix

I was able to work around it by using the following command:

$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.17.0 --set crds.enabled=true
@Rajakavitha1 Rajakavitha1 self-assigned this Feb 11, 2025
@Rajakavitha1
Copy link
Collaborator Author

Tested and validated the guide and it works as documented. Unable to reproduce the issue.

rkodhand@blr-mpe5j ~ % export KUBECONFIG=~/Downloads/testing-kubeconfig.yaml
rkodhand@blr-mpe5j ~ % kubectl get nodes
NAME                            STATUS   ROLES    AGE   VERSION
lke343563-544597-07f7c7040000   Ready    <none>   20h   v1.32.1
lke343563-544597-41da333b0000   Ready    <none>   20h   v1.32.1
rkodhand@blr-mpe5j ~ % helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
"ingress-nginx" has been added to your repositories
rkodhand@blr-mpe5j ~ % helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "strimzi" chart repository
...Successfully got an update from the "seldon-charts" chart repository
Update Complete. ⎈Happy Helming!⎈
rkodhand@blr-mpe5j ~ % helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "seldon-charts" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "strimzi" chart repository
Update Complete. ⎈Happy Helming!⎈
rkodhand@blr-mpe5j ~ % helm install ingress-nginx ingress-nginx/ingress-nginx
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
NAME: ingress-nginx
LAST DEPLOYED: Thu Feb 13 08:48:18 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace default ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
rkodhand@blr-mpe5j ~ % kubectl --namespace default get services -o wide -w ingress-nginx-controller
NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE   SELECTOR
ingress-nginx-controller   LoadBalancer   10.128.164.128   172.232.100.70   80:31488/TCP,443:30475/TCP   40s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
dig +short registry.example.com

^Z
zsh: suspended  kubectl --namespace default get services -o wide -w ingress-nginx-controller
rkodhand@blr-mpe5j ~ % export KUBECONFIG=~/Downloads/testing-kubeconfig.yaml
rkodhand@blr-mpe5j ~ % kubectl get svc
NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.128.164.128   172.232.100.70   80:31488/TCP,443:30475/TCP   110s
ingress-nginx-controller-admission   ClusterIP      10.128.93.160    <none>           443/TCP                      110s
kubernetes                           ClusterIP      10.128.0.1       <none>           443/TCP                      20h
rkodhand@blr-mpe5j ~ % kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
rkodhand@blr-mpe5j ~ % kubectl create namespace cert-manager
namespace/cert-manager created
rkodhand@blr-mpe5j ~ % helm repo add jetstack https://charts.jetstack.io
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
"jetstack" has been added to your repositories
rkodhand@blr-mpe5j ~ % helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "seldon-charts" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "strimzi" chart repository
Update Complete. ⎈Happy Helming!⎈
rkodhand@blr-mpe5j ~ % helm install cert-manager jetstack/cert-manager --namespace cert-manager
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
NAME: cert-manager
LAST DEPLOYED: Thu Feb 13 08:51:55 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.17.0 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
rkodhand@blr-mpe5j ~ %

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Rajakavitha1 Rajakavitha1

Labels
inaccurate guide
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Rajakavitha1