I will explain how to open a new hosted Docker image repository on a Nexus instance that is running on a Kubernetes cluster. We will access the repository through Service and Ingress resources.
Step 1:
Create the new repository on Nexus and set the specific port to use for the image repository. You can find information about installing Nexus Repository on a Kubernetes cluster at this link.
Step 2:
Create a new Service to access the repository. Its selector must match the label of the Nexus application pod.
vim repo_svc.yaml
---
apiVersion: v1
kind: Service
metadata:
  namespace: nexus
  name: nexus-docker-repo1
  labels:
    app: nexus-docker-repo1
spec:
  ports:
  - port: 8083
    protocol: TCP
    name: specific
  selector:
    app: nexus # must match the app label on the Nexus pod
  type: NodePort
kubectl apply -f repo_svc.yaml
Step 3:
Create a new self-signed certificate for the ingress so that the repository is reached over a secure connection. Create the file below and edit the domain name for your application.
vim req.conf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = AA
ST = AA
L = AA
O = hafifbilgiler
OU = whitefang
CN = docker-repo1.192.168.56.116.nip.io
[v3_req]
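# digitalSignature is included because ECDHE cipher suites and TLS 1.3 sign the handshake
keyUsage = digitalSignature, keyEncipherment, dataEncipherment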
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = docker-repo1.192.168.56.116.nip.io
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /opt/tls_repo_key.key -out /opt/tls_repo_crt.crt -config req.conf -extensions 'v3_req'
Step 4:
Create the secret that holds the certificate we created for the SSL connection.
kubectl create secret tls nexus-docker-repo1 -n nexus --cert=/opt/tls_repo_crt.crt --key=/opt/tls_repo_key.key
Step 5:
Create the Ingress to access the repository.
vim repo_ing1.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  namespace: nexus
  name: nexus-docker-repo1
spec:
  ingressClassName: nginx
  rules:
  - host: docker-repo1.192.168.56.116.nip.io
    http:
      paths:
      - backend:
          service:
            name: nexus-docker-repo1 # must match the Service created in Step 2
            port:
              number: 8083
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - docker-repo1.192.168.56.116.nip.io
    secretName: nexus-docker-repo1
status:
  loadBalancer: {}
kubectl apply -f repo_ing1.yaml
Check your ingress by opening the URL in the browser.
Our ingress is running, but we should test it with Docker. Let’s test it.
Go to a Linux machine that has Docker installed. You can test on your worker node. Run the command below and answer the prompts with your admin user, or with a user that has the image push and pull role, and its password.
docker login docker-repo1.192.168.56.116.nip.io
If you get an error at this point, do not worry: it is because our certificate is self-signed. We must add the certificate to Docker.
Copy your certificate “tls_repo_crt.crt” to your Docker machine and run the following commands.
mkdir -p /etc/docker/certs.d/docker-repo1.192.168.56.116.nip.io
cp tls_repo_crt.crt /etc/docker/certs.d/docker-repo1.192.168.56.116.nip.io/
systemctl restart docker
Step 6:
Try to log in again.
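Before the secret is created in Step 4, the certificate and key from Step 3 can be checked with openssl for the problems that most often break the Docker login. The script below is an added example, not part of the original post; the function names `check_tls_pair` and `make_demo_pair` and the host `demo.example.test` are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on a cert/key pair before
# `kubectl create secret tls`. Function names are hypothetical.

# check_tls_pair CERT KEY HOST: returns 0 only if every check passes.
check_tls_pair() {
    local cert="$1" key="$2" host="$3" cert_pub key_pub
    # 1. Docker (Go TLS) verifies the registry name against subjectAltName
    #    and ignores CN, so a DNS SAN must exist and cover the ingress host.
    openssl x509 -in "$cert" -noout -text | grep -q 'DNS:' \
        && openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' \
        || { echo "FAIL: SAN does not cover $host" >&2; return 1; }
    # 2. The certificate must belong to this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: key does not match certificate" >&2; return 1; }
    # 3. The certificate must still be valid seven days from now.
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null \
        || { echo "FAIL: certificate expires within 7 days" >&2; return 1; }
    echo "OK: $cert is usable for $host"
}

# make_demo_pair DIR HOST: constructed sample input, a throwaway
# self-signed pair built like the req.conf in Step 3.
make_demo_pair() {
    cat > "$1/req.conf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[dn]
CN = $2
[v3_req]
subjectAltName = DNS:$2
EOF
    openssl req -x509 -nodes -days 30 -newkey rsa:2048 \
        -config "$1/req.conf" -keyout "$1/tls.key" -out "$1/tls.crt" 2>/dev/null
}

# With three arguments check real files; with none, run on demo data.
if [ "$#" -eq 3 ]; then
    check_tls_pair "$@"
else
    tmp=$(mktemp -d)
    make_demo_pair "$tmp" demo.example.test \
        && check_tls_pair "$tmp/tls.crt" "$tmp/tls.key" demo.example.test
    rm -rf "$tmp"
fi
```

For the files from this post, pass /opt/tls_repo_crt.crt, /opt/tls_repo_key.key and docker-repo1.192.168.56.116.nip.io as the three arguments.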
That’s it. Good luck with your work!