  • Deploying minikube with a local self-signed registry

    1. host machine

    Add `127.0.0.1  docker-registry.local` to /etc/hosts

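    2. Generate the CA file

    # https://docs.docker.com/registry/insecure/
    
    # When prompted, enter the common name: docker-registry.local
    # -addext (OpenSSL 1.1.1+) adds the subjectAltName that current Docker and Go TLS clients require
    
    mkdir -p certs
    
    openssl req \
      -newkey rsa:4096 -nodes -sha256 -keyout certs/domain.key \
      -addext "subjectAltName = DNS:docker-registry.local" \
      -x509 -days 365 -out certs/domain.crt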

    3. Start the self-signed registry

    docker run -d \
      --restart=always \
      --name registry \
      -v "$(pwd)"/certs:/certs \
      -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key \
      -p 5000:443 \
      registry:2

    4. Start minikube and copy the CA file into it

    minikube start --vm-driver kvm2
    
    scp -i $(minikube ssh-key) certs/domain.crt docker@$(minikube ip):/home/docker

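    5. Add the registry to minikube's Docker daemon and restart it

    # host_ip must already be set in the calling shell to the host's address as seen from the minikube VM;
    # it is expanded locally because the heredoc delimiter is unquoted
    minikube ssh << EOF
    
    echo "${host_ip} docker-registry.local" | sudo tee --append /etc/hosts
    
    # The directory name must match the registry's host:port as used in image names
    sudo mkdir -p /etc/docker/certs.d/docker-registry.local:5000
    
    sudo cp /home/docker/domain.crt /etc/docker/certs.d/docker-registry.local:5000/ca.crt
    
    # Restart the Docker daemon
    sudo systemctl restart docker
    
    # Test that the registry was added successfully
    curl -X GET https://docker-registry.local:5000/v2/_catalog --cacert /etc/docker/certs.d/docker-registry.local:5000/ca.crt
    
    exit
    
    EOF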
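
    Step 5 only works if the certs.d directory name matches the host:port written in the image reference (the published port 5000, not the container's 443). The following is an added example, not code from the original post or the demo repository: it derives the CA path Docker would look up for an image reference and checks that a CA file is present. The image name spring-demo and the temporary directory layout are constructed for illustration.

```shell
# Added example: map an image reference to the certs.d directory Docker
# consults for that registry, then check that a CA file is installed there.

# Print the registry part (host[:port]) of an image reference.
# Docker treats the first path component as a registry only if it contains
# "." or ":" or is exactly "localhost"; otherwise "docker.io" is printed.
registry_of() {
  ref=$1
  case $ref in
    */*) first=${ref%%/*} ;;
    *)   first= ;;
  esac
  case $first in
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
    *)                 printf '%s\n' "docker.io" ;;
  esac
}

# Print the CA path for an image reference.
# $2 is the certs.d root (default /etc/docker/certs.d).
ca_path_for() {
  printf '%s/%s/ca.crt\n' "${2:-/etc/docker/certs.d}" "$(registry_of "$1")"
}

# Return 0 if a non-empty CA file exists for the image's registry.
# The directory name must match host:port exactly as written in the image
# reference, so "docker-registry.local" without ":5000" does not count.
ca_installed() {
  [ -s "$(ca_path_for "$1" "$2")" ]
}

# Constructed sample layout in a temp dir, mirroring step 5 of the page.
demo() {
  root=$(mktemp -d)
  mkdir -p "$root/docker-registry.local:5000"
  echo "placeholder PEM" > "$root/docker-registry.local:5000/ca.crt"
  for ref in docker-registry.local:5000/spring-demo:latest \
             docker-registry.local/spring-demo:latest; do
    if ca_installed "$ref" "$root"; then s=found; else s=MISSING; fi
    echo "$ref -> $(ca_path_for "$ref" "$root") [$s]"
  done
  rm -rf "$root"
}

demo
```

    Inside the minikube VM, call ca_installed with the image reference from your pod spec and no second argument to check the real /etc/docker/certs.d tree.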

    Demo:

    https://github.com/HugoWang3146/spring-demo-gradle-k8s/tree/master/deploy/init_environment/registry_with_ca_and_minikube

    Refs:

    https://docs.docker.com/registry/insecure/ 

  • Original article: https://www.cnblogs.com/cnsec/p/13547575.html