Docker Private Registry

To setup Microk8s, see previous post

Enable required microk8s add-ons:

microk8s.enable ingress registry

In order to push images from your development machine to a Microk8s docker private registry, you may want to expose it outside of the host.

Note: these instructions can easily be adapted to expose a docker private registry container running on any kubernetes cluster – not just microk8s

Create User Credentials

Create credentials to be use when accessing registry.

Create password

The easiest way is to use htpasswd on a docker container (please note that docker is no longer part of microk8s but you can install it using snap)

docker run --entrypoint htpasswd registry:2 -bn <user> <password> >> auth


  • the file MUST be called auth or you will get an 503 error when trying to access the repo
  • If you generate the password using bcrypt (-B) you may get a 500 error when trying to access the repo. Inspecting the logs for the nginx pod you may see something like:
stderr F 2019/05/12 17:34:15 [crit] 1306#1306: *18049 crypt_r() failed (22: Invalid argument), ...

Create Secret

kubectl create secret generic basic-auth --namespace=container-registry --from-file=auth


Create Let’s Encrypt certificate

See this post: how to generate certificates using a docker container

Create tls secret

Find the fullchain.pem and privkey.pem files generated by letsencrypt and then create the secret:

kubectl create secret tls tlssecret --cert=fullchain.pem --key=privkey.pem --namespace=container-registry 

Create ingress for registry

apiVersion: extensions/v1beta1
kind: Ingress
  name: registry
  namespace: container-registry
  annotations: basic basic-auth 'Authentication Required' "0"
  - host:
      - backend:
          serviceName: registry
          servicePort: 5000
  - hosts:
    secretName: tlsecret

Replace with your public hostname

You can use kubectl to apply or the kubernetes dashboard.


Make sure that you have adjusted the DNS to point to your Microk8s host and that the port 80 is accessible to you.

On your browser navigate to:


you should be prompted to enter your credentials and after that should get a boring “{}” response 🙂

Configure kubernetes

kubectl create secret docker-registry --docker-username=<user> --docker-password=<password>

Login from your development machine

docker login



Leave a Reply

Avatar placeholder