How to correctly handle certificates and secrets for private docker registry.

Posted June 10, 2020
Kubernetes DigitalOcean Managed Kubernetes Docker

Hi,

I have followed this tutorial, but I get


Error response from daemon: login attempt to https://space.registered-domain/v2/ failed with status: 403 Forbidden

To give some context, I am working from a workstation which has no domain name assigned to it and cannot access it from the outside (it is behind a router firewall from an ISP). Would those be a prerequisite to be able to interact with the private docker registry ? In the tutorial, the ingress is:

ingress:
  enabled: true
  hosts:
    - registry.your_domain
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: letsencrypt-prod
    nginx.ingress.kubernetes.io/proxy-body-size: "30720m"
  tls:
    - secretName: docker-registry-prod
      hosts:
        - registry.your_domain

Is the ‘registry.your_domain’ the domain I registered on my digitalocean kubernetes cluster or the one for my workstation ?

Thanks for any clarifications.

zita13

Submit an answer

You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

John Kwiatkoski • July 2, 2020

The registry.your_domain is the hostname that resolves to your registry in Kubernetes cluster. I would look now into the DOCR product we offer!

https://www.digitalocean.com/docs/images/container-registry/

Regards,

John Kwiatkoski Senior Developer Support Engineer - Kubernetes

Join the DigitalOcean Community