Local docker registry with self-signed certificate
Hello,
We are trying to set up BinderHub with our own Docker registry in a local network as stated here. We first tried with an HTTP registry; the problem is that Docker forces us to use an HTTPS connection, so it is not reliable. So we tried to use HTTPS with a self-signed certificate; the issue is that BinderHub just allows pulling from a registry with a CA certificate. There are two solutions:
- Change this line to allow for untrusted certificates with `validate_cert=False` => Fast and easy but maybe more insecure
- Adding the self-signed certificate to `/etc/docker/certs.d` like here, but it should be inside the building pod, with proper mounting options => a lot more "complicated" but secure
Do you have some ideas about this?
PS: Using a public registry is not ideal for us since we would need to buy a floating IP and a domain name, and it is far less optimal in terms of pushing/pulling time (pull binderhub -> registry on local network VS pull binderhub -> DNS -> registry on public network)
Thanks,
Issue Analytics
- State:
- Created 4 years ago
- Comments:10 (4 by maintainers)
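The second option from the issue, sketched as an added example (not code from the original issue or from BinderHub): Docker looks up a registry's CA at `/etc/docker/certs.d/<host:port>/ca.crt`, so the script checks that a certificate parses and covers the registry host name before installing it there. The host `registry.local:5000`, the function names and the temporary paths are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example. registry.local:5000, the function names and all paths are
# assumptions, not values from the issue.

# make_registry_cert DIR HOST
# Create a self-signed key and certificate whose subjectAltName covers HOST.
make_registry_cert() {
    local dir=$1 host=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
        -keyout "${dir}/domain.key" -out "${dir}/domain.crt" 2>/dev/null
}

# install_registry_ca CERT HOST:PORT [ROOT]
# Install CERT as the CA Docker trusts for exactly one registry.
# ROOT defaults to /etc/docker/certs.d; HOST must be a DNS name here.
install_registry_ca() {
    local cert=$1 registry=$2 root=${3:-/etc/docker/certs.d}
    local host=${registry%%:*}

    # Reject anything that is not a parseable X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "not a PEM certificate: $cert" >&2
        return 1
    fi
    # Reject a certificate that is not valid for the registry's host name;
    # trusting it would not make the TLS handshake succeed anyway.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q "does match"; then
        echo "certificate does not cover host: $host" >&2
        return 2
    fi
    # Docker reads <ROOT>/<host:port>/ca.crt for that registry only, so the
    # trust is scoped to one endpoint and verification stays on elsewhere.
    install -d -m 0755 "${root}/${registry}" &&
        install -m 0644 "$cert" "${root}/${registry}/ca.crt"
}

# Demo in a throwaway directory: ./script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    make_registry_cert "$tmp" registry.local
    install_registry_ca "$tmp/domain.crt" registry.local:5000 "$tmp/certs.d"
    find "$tmp/certs.d" -type f
fi
```

Only the certificate is copied into the trust directory; the private key stays with the registry.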
Top GitHub Comments
(I’ve never used Pod presets myself, so this is a bit “the blind leading the blind”)
One idea could be that the preset only works if the pod doesn’t already have volumes/mounts defined. It would be weird but who knows. I’d define a volume and mount in your test pod to see if it still works. The other thing to double check is if the selector works correctly and that the preset is in the right namespace. Other than that I am a bit stumped too 😕
I found the k8s certificates, they are here but seem to be self-signed: `/etc/kubernetes/pki/ca.crt`. Your second suggestion seems to be feasible, I will try it and give feedback.