I tried a few approaches already but all led to failure. My end goal is to have a docker registry service inside a cluster, build and push images to that registry, and finally create pods from those images. I think this should be doable but feel free to correct me if I am wrong.
I started by creating a deployment with one container registry:2 and then used buildah to build images and push them using the --tls-verify=false argument; that worked fine. I then tried to add my service url to insecure-registries but I could not get docker to pick up the change.
So I tried creating a self-signed certificate, once with openssl and another time with cfssl, and added it to /etc/docker/certs.d/my-registry.default.svc.cluster.local:5000/. I also tried creating htpasswd but I always ran into errors like
Error response from daemon: Get https://my-registry.default.svc.cluster.local:5000/v2/: Service Unavailable or SSL-related errors.
Here is code for some of the stuff I tried:
- A self-signed certificate for the registry + copying it to all nodes, https://gist.github.com/MostafaGazar/e434e8947055dd856e38c9b4c5cfba15
- Using htpasswd for auth https://gist.github.com/MostafaGazar/a00e2440f99d09db334e201d3444550f
I did most of the testing using Docker Desktop on Mac but the end goal is for this to run on GKE.
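
The self-signed certificate and certs.d layout described in the post, as an added example that is not part of the original post or the linked gists. The host name and port come from the post; the `tls.key`/`tls.crt` file names and the staging root argument are assumptions, and `ca.crt` is the file name the Docker daemon reads from a `certs.d/<host>:<port>/` directory.

```shell
#!/bin/sh
# Added example. Host and port are taken from the post; output file names
# (tls.key, tls.crt) and the staging root are assumptions for illustration.
REGISTRY_HOST="my-registry.default.svc.cluster.local"
REGISTRY_PORT="5000"

# Create a self-signed certificate whose subjectAltName carries the service
# DNS name. Go-based clients (Docker, buildah) validate the host name against
# the SAN entries and ignore the CN. Requires OpenSSL 1.1.1+ for -addext.
make_registry_cert() {
    out_dir="$1"
    mkdir -p "$out_dir" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=${REGISTRY_HOST}" \
        -addext "subjectAltName=DNS:${REGISTRY_HOST}" \
        -keyout "$out_dir/tls.key" -out "$out_dir/tls.crt" 2>/dev/null
}

# Return 0 only if the certificate is valid for the given host name.
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" \
        | grep -q "does match certificate"
}

# Copy the certificate to <root>/etc/docker/certs.d/<host>:<port>/ca.crt and
# print the resulting path. Refuses to stage a certificate that does not
# cover the registry host name, so a mismatch is caught before any node
# is touched.
stage_for_docker() {
    cert="$1"
    root="$2"
    dest="$root/etc/docker/certs.d/${REGISTRY_HOST}:${REGISTRY_PORT}"
    cert_matches_host "$cert" "$REGISTRY_HOST" || return 1
    mkdir -p "$dest" && cp "$cert" "$dest/ca.crt" && printf '%s\n' "$dest/ca.crt"
}

# Usage (staging into a scratch directory instead of a live node):
#   make_registry_cert ./pki && stage_for_docker ./pki/tls.crt ./node-root
```

The same `tls.crt` and `tls.key` pair is what the registry container would serve; the staged `ca.crt` is only the public certificate, so the private key never needs to be copied to the nodes.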