搜索 在this教程中,您可以使用Helm设置私有注册表。
在文档中有说明:
注意:不安全的注册表可以用于开发,POC或实验室试验。您不应该在生产中使用它。网上有大量文档指导您进行安全的注册表设置。
好吧,我已经搜索(并尝试了)两天了,实际上没有任何东西可以与openssl和docker-for-mac一起使用。
你知道吗?
更新:
步骤:
1.已安装的cert-manager
2.按照this创建证书
3.创建一个Ingress:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: registry-tls
namespace: default
annotations:
kubernetes.io/ingress.class: "nginx"
ingress.kubernetes.io/rewrite-target: /
spec:
tls:
- hosts:
- mydomain.dev
- secretName: ca-key-pair
rules:
- host: mydomain.dev
http:
paths:
- backend:
serviceName: mottled-hydra-docker-registry
servicePort: 5000
path: /reg
docker push mydomain.dev/mycontainer 然后我得到:
The push refers to repository [mydomain.dev/reg/mycontainer]
Get https://mydomain.dev/v2/: x509: certificate is valid for ingress.local, not mydomain.dev
注意?:
1. https://mydomain.dev/ v2 /
2. ingress.local
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.245.0.1 <none> 443/TCP 4d
mottled-hydra-docker-registry ClusterIP 10.245.190.70 <none> 5000/TCP 5h
用于注册表的svc,由Helm图表(cert-manager)生成:
apiVersion: v1 │
│kind: Service │
│metadata: │
│ creationTimestamp: "2019-03-28T12:46:06Z" │
│ labels: │
│ app: docker-registry │
│ chart: docker-registry-1.7.0 │
│ heritage: Tiller │
│ release: mottled-hydra │
│ name: mottled-hydra-docker-registry │
│ namespace: default │
│ resourceVersion: "692261" │
│ selfLink: /api/v1/namespaces/default/services/mottled-hydra-docker-registry │
│ uid: 742fe252-5157-11e9-851d-ba21af21c59c │
│spec: │
│ clusterIP: 10.245.190.70 │
│ ports: │
│ - name: registry │
│ port: 5000 │
│ protocol: TCP │
│ targetPort: 5000 │
│ selector: │
│ app: docker-registry │
│ release: mottled-hydra │
│ sessionAffinity: None │
│ type: ClusterIP │
│status: │
│ loadBalancer: {}