I have installed nexus on Kubernetes (Azure - AKS). When I created docker hosted repo, I can’t be able to reachout to nexus.
For example, nexus is runnig at Port 8081. I have created docker hosted repo at 9090 port. I know in deployment yml file we have to add additional port number as 9090. But in future, if I want to create docker hosted repo at different port 8090, then do I need to add this port to deployment yml file ?
Is there a way I can configure port range from 8080 to 9090 in deployment yml or service yml ??
In order to make a docker registry work, you need two things:
- The repository has to be created (and given a port number).
- Provide a way for traffic from the network to reach the port created in the first step.
In an install on a regular server, creating a docker repo opens an unencrypted port on localhost. You’d then typically use nginx to “proxy” requests from the network work to the Docker repo ports (ie. network:8080 → localhost:8080). Nginx not only provides connectivity but also adds SSL - which Docker seems to need.
It’s absolutely possible to setup 10 configurations for nginx for ports in the range 8080 to 8090 (or whatever). If anyone tries to use them, nginx will give an error because it won’t be able to reach an actual service on a port that hasn’t yet got a repository created on it. You’ll need to do something similar with Kubernetes, although exactly what isn’t my speciality. Be aware though, if the thing providing connectivity performs “service checks” to make sure the service is really there, these checks will fail unless you’ve created the repos behind them. Not a problem for nginx, but may be a concern for kubernetes.
The development.yml change is only necessary to work around not using SSL. Using a proxy as @ralph.bolton suggested is a pretty good way to secure the docker endpoints. Alternatively, you can configure repository manager to use SSL and set an SSL port on your docker repository. See Configuring SSL for more details on that.
Thanks for the response. I will try and let you guys know.