1. host machine

Add `127.0.0.1  docker-registry.local` to /etc/hosts

2. 生成ca文件

#https://docs.docker.com/registry/insecure/

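# Create a self-signed certificate and private key for the registry.
# When prompted, enter docker-registry.local as the Common Name.
# The subjectAltName entry is what current TLS clients match the host name
# against; Docker releases built with Go 1.15 or newer reject a certificate
# that carries the name only in the Common Name field.
# -addext requires OpenSSL 1.1.1 or newer.
# -nodes writes certs/domain.key unencrypted, so keep the certs directory
# readable only by the account that runs the registry.
mkdir -p certs

openssl req \
  -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
  -addext "subjectAltName = DNS:docker-registry.local" \
  -x509 -days 365 -out certs/domain.crt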

3. 启动self-signed registry

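# Start the registry with TLS served inside the container on port 443 and
# published on host port 5000.
# The certs directory is mounted read-only: the registry only needs to read
# the certificate and key, so the container gets no write access to them.
# NOTE(review): no authentication is configured and -p 5000:443 listens on
# every host interface, so any client that can reach port 5000 can push and
# pull images. Keep this setup on a trusted lab network, or add registry
# authentication or a host firewall rule before exposing it further.
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/certs:/certs:ro \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
  -p 5000:443 \
  registry:2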

4. 启动并拷贝ca文件到minikube

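minikube start --vm-driver kvm2

# Copy only the public certificate into the VM; the private key stays on the
# host. The command substitutions are quoted so that a key path containing
# spaces is passed to scp as a single argument.
scp -i "$(minikube ssh-key)" certs/domain.crt "docker@$(minikube ip):/home/docker"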

5. 添加该registry到minikube的docker daemon中并重启

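# Trust the registry certificate inside the minikube VM and restart Docker.
# The EOF delimiter is unquoted, so ${host_ip} is expanded on the host before
# the text is sent to the VM. host_ip must hold the address of the host as
# seen from the minikube VM; it is not set anywhere in these steps, so the
# :? form below aborts the command instead of appending an entry with an
# empty address to /etc/hosts in the VM.
minikube ssh << EOF

echo "${host_ip:?set host_ip to the host address reachable from the minikube VM} docker-registry.local" | sudo tee --append /etc/hosts

sudo mkdir -p /etc/docker/certs.d/docker-registry.local:5000

sudo cp /home/docker/domain.crt /etc/docker/certs.d/docker-registry.local:5000/ca.crt

# Restart the docker daemon so it picks up the new certs.d entry
sudo systemctl restart docker

# Check that the registry answers over TLS and verifies against the copied certificate
curl -X GET https://docker-registry.local:5000/v2/_catalog --cacert /etc/docker/certs.d/docker-registry.local\:5000/ca.crt

exit

EOF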

Demo:

https://github.com/HugoWang3146/spring-demo-gradle-k8s/tree/master/deploy/init_environment/registry_with_ca_and_minikube

Refs:

https://docs.docker.com/registry/insecure/ 

 
