Question

How to correctly handle certificates and secrets for private docker registry.

Hi,

I have followed this tutorial, but I get


Error response from daemon: login attempt to https://space.registered-domain/v2/ failed with status: 403 Forbidden

To give some context, I am working from a workstation which has no domain name assigned to it and cannot access it from the outside (it is behind a router firewall from an ISP). Would those be a prerequisite to be able to interact with the private docker registry ? In the tutorial, the ingress is:

ingress:
  enabled: true
  hosts:
    - registry.your_domain
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: "30720m"
  tls:
    - secretName: docker-registry-prod
      hosts:
        - registry.your_domain

Is the ‘registry.your_domain’ the domain I registered on my digitalocean kubernetes cluster or the one for my workstation ?

Thanks for any clarifications.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

John KwiatkoskiJuly 2, 2020

The registry.your_domain is the hostname that resolves to your registry in Kubernetes cluster. I would look now into the DOCR product we offer!

https://www.digitalocean.com/docs/images/container-registry/

Regards,

John Kwiatkoski Senior Developer Support Engineer - Kubernetes