search

GunSik2 / engineering_qna

Software Engineering Problem and Solving
0 stars 0 forks source link

docker registry insecure usage #1

Open GunSik2 opened 5 years ago

GunSik2 commented 5 years ago

시험환경

docker & private registry 구성

mkdir certs; cd certs openssl genrsa -out ${cert_name}.key 2048 openssl req -new -key ${cert_name}.key -out ${cert_name}.csr -subj "/C=AU/ST=Some-State/O=${cert_org}/CN=*.${cert_domain}" openssl x509 -req -days 730 -in ${cert_name}.csr -signkey ${cert_name}.key -out ${cert_name}.crt openssl rsa -in ${cert_name}.key -pubout > ${cert_name}.pub

- private registry 실행

docker pull registry docker run -d -p 5000:5000 --restart=always --name docker-registry \ -v /home/ubuntu/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registrycert.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/registrycert.key \ registry

- /etc/hosts 도메인 등록

127.0.0.1 registry.mydocker.io


## insecure registry 등록
- /etc/docker/daemon.json

{ "insecure-registries": ["registry.mydocker.io:5000"] }

## insecure registry 적용
- docker 재기동

sudo service docker restart

- 등록 확인

sudo docker info

Insecure Registries: registry.mydocker.io:5000 127.0.0.0/8

## 접속 확인

docker login registry.mydocker.io:5000 -u admin -p admin

Login Succeeded

## 이미지 시험

현재 이미지 목록 보기.

$ docker images

docker pull하기

$ docker pull hello-world

registry.mydocker.io:5000/hello-world 이미지 생성

$ docker tag hello-world registry.mydocker.io:5000/hello-world

이미지가 생성 확인

$ docker images

push 해보자

$ docker push registry.mydocker.io:5000/hello-world



## Reference
- [나만의 private docker registry](https://novemberde.github.io/2017/04/09/Docker_Registry_0.html)
- [사내-docker-저장소registry-구축하기](http://www.kwangsiklee.com/2017/08/%EC%82%AC%EB%82%B4-docker-%EC%A0%80%EC%9E%A5%EC%86%8Cregistry-%EA%B5%AC%EC%B6%95%ED%95%98%EA%B8%B0/)