Local docker registry with self-signed certificate


Hello,

We are trying to set up BinderHub with our own Docker registry in a local network as stated here. We first tried with an HTTP registry; the problem is that Docker forces us to use an HTTPS connection, so it is not reliable. So we tried to use HTTPS with a self-signed certificate; the issue is that BinderHub only allows pulling from a registry with a CA certificate. There are two solutions:

  1. Change this line to allow untrusted certificates with `validate_cert=False` => fast and easy but maybe more insecure
  2. Add the self-signed certificate to `/etc/docker/certs.d` like here, but it should be inside the building pod, with proper mounting options => a lot more “complicated” but secure

Do you have any ideas about this?

PS: Using a public registry is not ideal for us since we would need to buy a floating IP and a domain name, and it is far less optimal in terms of pushing/pulling time (pull binderhub -> registry on local network vs. pull binderhub -> DNS -> registry on public network).

Thanks,
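
The two options from the post above, side by side with Python's standard `ssl` module. This is an added example, not BinderHub's code or part of the original issue; the function names and the registry URL in the usage comment are hypothetical placeholders.

```python
import ssl
import sys
import urllib.error
import urllib.request


def insecure_context():
    """Option 1 (validate_cert=False equivalent): any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be switched off before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def pinned_context(ca_file):
    """Option 2: trust only the registry's self-signed certificate.

    PROTOCOL_TLS_CLIENT already sets CERT_REQUIRED and hostname checking, and
    no system CAs are loaded, so only ca_file can vouch for the server.
    Raises OSError (FileNotFoundError / ssl.SSLError) if the file is unusable.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.load_verify_locations(cafile=ca_file)
    return ctx


def summarize(ctx):
    """Report what a context actually enforces, for logging or a CI check."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "trusted_certs": ctx.cert_store_stats()["x509"],
    }


def registry_reachable(base_url, ctx):
    """GET <base_url>/v2/ (Registry HTTP API v2 base endpoint).

    A TLS verification failure propagates as urllib.error.URLError.
    """
    try:
        urllib.request.urlopen(base_url.rstrip("/") + "/v2/", context=ctx, timeout=5)
    except urllib.error.HTTPError:
        return True  # e.g. 401: the TLS handshake and verification still succeeded
    return True


if __name__ == "__main__":
    # Usage (placeholder host): python check_registry.py https://registry.example.internal:5000 ca.crt
    ctx = pinned_context(sys.argv[2])
    print(summarize(ctx), registry_reachable(sys.argv[1], ctx))
```

With the pinned context, the hostname check only passes if the certificate was issued for the name used in the registry URL.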

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 10 (4 by maintainers)

Top GitHub Comments

1 reaction
betatim commented, Oct 31, 2019

(I’ve never used Pod presets myself, so this is a bit “the blind leading the blind”)

One idea could be that the preset only works if the pod doesn’t already have volumes/mounts defined. It would be weird but who knows. I’d define a volume and mount in your test pod to see if it still works. The other thing to double check is if the selector works correctly and that the preset is in the right namespace. Other than that I am a bit stumped too 😕

1 reaction
ltetrel commented, Oct 29, 2019

I found the k8s certificates, they are here but seem to be self-signed: /etc/kubernetes/pki/ca.crt. Your second suggestion seems to be feasible, I will try it and give feedback.
