Setting Up a Private Docker Registry with LKE and Object Storage Proposed Changes

[Rajakavitha1]

Link: https://www.linode.com/docs/guides/how-to-setup-a-private-docker-registry-with-lke-and-object-storage/

Issue

You may want to see about updating this doc. I ran into an error on creating the container registry at 'install cert-manager' step 5 and get the following error:
$ helm install cert-manager jetstack/cert-manager --namespace cert-manager
Error: INSTALLATION FAILED: failed post-install: 1 error occurred:
       * timed out waiting for the condition

I was able to work around it by using the following command:

$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.17.0 --set crds.enabled=true

Suggested Fix

I was able to work around it by using the following command:

$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --version v1.17.0 --set crds.enabled=true

[Rajakavitha1]

Tested and validated the guide and it works as documented. Unable to reproduce the issue.

rkodhand@blr-mpe5j ~ % export KUBECONFIG=~/Downloads/testing-kubeconfig.yaml
rkodhand@blr-mpe5j ~ % kubectl get nodes
NAME                            STATUS   ROLES    AGE   VERSION
lke343563-544597-07f7c7040000   Ready    <none>   20h   v1.32.1
lke343563-544597-41da333b0000   Ready    <none>   20h   v1.32.1
rkodhand@blr-mpe5j ~ % helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
"ingress-nginx" has been added to your repositories
rkodhand@blr-mpe5j ~ % helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "strimzi" chart repository
...Successfully got an update from the "seldon-charts" chart repository
Update Complete. ⎈Happy Helming!⎈
rkodhand@blr-mpe5j ~ % helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "seldon-charts" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "strimzi" chart repository
Update Complete. ⎈Happy Helming!⎈
rkodhand@blr-mpe5j ~ % helm install ingress-nginx ingress-nginx/ingress-nginx
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
NAME: ingress-nginx
LAST DEPLOYED: Thu Feb 13 08:48:18 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
The ingress-nginx controller has been installed.
It may take a few minutes for the load balancer IP to be available.
You can watch the status by running 'kubectl get service --namespace default ingress-nginx-controller --output wide --watch'

An example Ingress that makes use of the controller:
  apiVersion: networking.k8s.io/v1
  kind: Ingress
  metadata:
    name: example
    namespace: foo
  spec:
    ingressClassName: nginx
    rules:
      - host: www.example.com
        http:
          paths:
            - pathType: Prefix
              backend:
                service:
                  name: exampleService
                  port:
                    number: 80
              path: /
    # This section is only required if TLS is to be enabled for the Ingress
    tls:
      - hosts:
        - www.example.com
        secretName: example-tls

If TLS is enabled for the Ingress, a Secret containing the certificate and key must also be provided:

  apiVersion: v1
  kind: Secret
  metadata:
    name: example-tls
    namespace: foo
  data:
    tls.crt: <base64 encoded cert>
    tls.key: <base64 encoded key>
  type: kubernetes.io/tls
rkodhand@blr-mpe5j ~ % kubectl --namespace default get services -o wide -w ingress-nginx-controller
NAME                       TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE   SELECTOR
ingress-nginx-controller   LoadBalancer   10.128.164.128   172.232.100.70   80:31488/TCP,443:30475/TCP   40s   app.kubernetes.io/component=controller,app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
dig +short registry.example.com

^Z
zsh: suspended  kubectl --namespace default get services -o wide -w ingress-nginx-controller
rkodhand@blr-mpe5j ~ % export KUBECONFIG=~/Downloads/testing-kubeconfig.yaml
rkodhand@blr-mpe5j ~ % kubectl get svc
NAME                                 TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
ingress-nginx-controller             LoadBalancer   10.128.164.128   172.232.100.70   80:31488/TCP,443:30475/TCP   110s
ingress-nginx-controller-admission   ClusterIP      10.128.93.160    <none>           443/TCP                      110s
kubernetes                           ClusterIP      10.128.0.1       <none>           443/TCP                      20h
rkodhand@blr-mpe5j ~ % kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/latest/download/cert-manager.crds.yaml
customresourcedefinition.apiextensions.k8s.io/certificaterequests.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/certificates.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/challenges.acme.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/clusterissuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/issuers.cert-manager.io created
customresourcedefinition.apiextensions.k8s.io/orders.acme.cert-manager.io created
rkodhand@blr-mpe5j ~ % kubectl create namespace cert-manager
namespace/cert-manager created
rkodhand@blr-mpe5j ~ % helm repo add jetstack https://charts.jetstack.io
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
"jetstack" has been added to your repositories
rkodhand@blr-mpe5j ~ % helm repo update
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "seldon-charts" chart repository
...Successfully got an update from the "ingress-nginx" chart repository
...Successfully got an update from the "jetstack" chart repository
...Successfully got an update from the "strimzi" chart repository
Update Complete. ⎈Happy Helming!⎈
rkodhand@blr-mpe5j ~ % helm install cert-manager jetstack/cert-manager --namespace cert-manager
WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
WARNING: Kubernetes configuration file is world-readable. This is insecure. Location: /Users/rkodhand/Downloads/testing-kubeconfig.yaml
NAME: cert-manager
LAST DEPLOYED: Thu Feb 13 08:51:55 2025
NAMESPACE: cert-manager
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
cert-manager v1.17.0 has been deployed successfully!

In order to begin issuing certificates, you will need to set up a ClusterIssuer
or Issuer resource (for example, by creating a 'letsencrypt-staging' issuer).

More information on the different types of issuers and how to configure them
can be found in our documentation:

https://cert-manager.io/docs/configuration/

For information on how to configure cert-manager to automatically provision
Certificates for Ingress resources, take a look at the `ingress-shim`
documentation:

https://cert-manager.io/docs/usage/ingress/
rkodhand@blr-mpe5j ~ %