Create and use a private insecure registry inside a k8s cluster

I tried a few approaches already but all led to failure. My end goal is to have a docker registry deployment and service inside a cluster, build and push images to that registry, and finally create pods from those images. I think this should be doable but feel free to correct me if I am wrong.

I started by creating a deployment with one container registry:2 and then used buildah to build images and push them using the --tls-verify=false argument; that worked fine. I then tried to add my service URL to daemon.json under insecure-registries but I could not get docker to pick up the change.

So I tried creating a self-signed certificate, once with openssl and another time with cfssl, and added it to /etc/docker/certs.d/my-registry.default.svc.cluster.local:5000/. I also tried creating htpasswd but I always ran into errors like Error response from daemon: Get https://my-registry.default.svc.cluster.local:5000/v2/: Service Unavailable or SSL-related errors.

Here is code for some of the stuff I tried:

I did most of the testing using Docker Desktop on Mac but the end goal is for this to run on GKE.
