[help] Harbor as private registry for microk8s

Hi,
For my projects, I want MicroK8s to only pull images from my private registry and avoid downloading from Docker Hub or other public registries.

I’m using MicroK8s v1.31.2 and have set up an external Harbor registry. I followed the steps in the registry-private documentation for version 1.23 or newer, including configuring the daemon.json file with the mirror settings. However, when I restart MicroK8s, I encounter these issues:

  1. MicroK8s fails to pull images from my registry.
  2. Public registries still seem to be accessible.

The Harbor is an insecure registry (http) and is well configured because I can use it with Docker, but I must specify the URL as docker pull 192.168.1.140:5280/myprojectname.io/nginx:latest

I tried to make a mirror from docker.io to my registry to specify the images on my .yaml files

  • hosts.toml file
# /var/snap/microk8s/current/args/certs.d/docker.io/hosts.toml
server = "http://192.168.1.140:5280"

[host."https://docker.io"]
capabilities = ["pull", "resolve"]
override_path = true
insecure = true
  • ./nginx/values.yaml
apiVersion: v1
kind: Pod
metadata:
  name: nginx-custom
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: myprojectname.io/nginx:latest
    ports:
    - containerPort: 6080

It works if I specify the image full URL as in the Docker example, but I don't want to specify the same URL on all my pods or services. I want them to be more dynamic.

Am I missing something?

Can someone help or guide me on the proper way to enforce a private registry with MicroK8s and Harbor?

Thanks in advance!

Hi, Nxito

Hi, I am using Harbor as a local registry to generate a Kubernetes cluster. If I understand your question correctly, I think you should check with these commands.

curl -v https://<your-registry-domain>/v2/
Enable microk8s registry

AND  

kubectl create secret docker-registry <secret-name> \
--docker-server=<your-registry-domain> \
--docker-username=<username> \
--docker-password=<password> \
--docker-email=<email>
In this path /etc/docker/daemon.json
{
"insecure-registries": ["<your-registry-domain>"]
}

Apply the same configuration to MicroK8s by editing /var/snap/microk8s/current/args/containerd-template.toml. Add this in [plugins."io.containerd.grpc.v1.cri".registry.mirrors]

endpoint = ["http://<your-registry-domain>"]

microk8s stop

microk8s start

microk8s ctr images pull <your-registry-domain>/<your-image>:<tag>

Thanks for the response.
I tried that configuration, but I think it’s for older versions than 1.23.
( https://microk8s.io/docs/registry-private )

With your configuration, I'm getting this error on every command after editing /var/snap/microk8s/current/args/containerd-template.toml:

The connection to the server 127.0.0.1:16443 was refused - did you specify the right host or port?

I tried a method with the secret docker-registry that adds the secret to the values.yaml file

template:
    spec:
      imagePullSecrets:
      - name: harbor-secret 

That works, but it is not the mirror configuration and makes me add the secret to all my config files.

The main thing I want to do is just to replace the use of docker.io with my Harbor registry as the main registry for pulling images.

Update:

I want this

microk8s ctr images pull myprojectname.io/nginx:latest --plain-http -k

to work like this

microk8s ctr images pull 192.168.1.140:5280/myprojectname.io/nginx:latest --plain-http -k

Hi

OK,
first log in to the Harbor registry AND add this line in /etc/hosts:
192.168.1.140 myprojectname.io

$ sudo vim /var/snap/microk8s/current/args/containerd-template.toml

Adding a Mirror to the Registry
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."myprojectname.io"]
endpoint = ["http://192.168.1.140:5280"]

$ microk8s stop
$ microk8s start

$ microk8s ctr images pull myprojectname.io/nginx:latest --plain-http -k
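
Added example, not code from the thread or from MicroK8s: containerd selects the certs.d/<registry>/hosts.toml file from the registry part of the image reference, so this sketch applies Docker-style reference normalization to the references used in the thread and lists which ones resolve outside the private registry. The function names are hypothetical, the certs.d path is the one from the first post, and the two short references in the sample are constructed.

```python
# Added example, not code from the thread or from MicroK8s.
from pathlib import PurePosixPath

# certs.d location taken from the hosts.toml comment in the first post.
CERTS_D = PurePosixPath("/var/snap/microk8s/current/args/certs.d")
DEFAULT_REGISTRY = "docker.io"


def split_reference(image):
    """Return (registry, repository) using Docker-style reference normalization."""
    name = image.split("@", 1)[0]  # drop a digest, if any
    last = name.rsplit("/", 1)[-1]
    if ":" in last:  # a ':' after the last '/' is a tag, not a port
        name = name[: len(name) - len(last)] + last.split(":", 1)[0]
    first, slash, rest = name.partition("/")
    # The first component names a registry only if it looks like a host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        return first, rest
    return DEFAULT_REGISTRY, name if "/" in name else f"library/{name}"


def hosts_toml_for(image):
    """Path of the hosts.toml that applies to this image's registry namespace."""
    registry, _ = split_reference(image)
    return str(CERTS_D / registry / "hosts.toml")


def outside_registry(images, allowed):
    """Images whose registry namespace is not the allowed private registry."""
    return [i for i in images if split_reference(i)[0] != allowed]


if __name__ == "__main__":
    # Constructed sample: the two references from the thread plus two short forms.
    samples = [
        "myprojectname.io/nginx:latest",
        "192.168.1.140:5280/myprojectname.io/nginx:latest",
        "nginx:latest",
        "team/app:1.0",
    ]
    for image in samples:
        print(f"{image:52} -> {hosts_toml_for(image)}")
    print("not pulled from Harbor:", outside_registry(samples, "192.168.1.140:5280"))
```

The reference myprojectname.io/nginx:latest resolves to the registry namespace myprojectname.io, so a hosts.toml placed under certs.d/docker.io is not the file that applies to it.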