I am running Docker for Mac(Edge) and I have a Kubernetes Cluster.
I am trying to be able to run a Registry inside Kubernetes, so I can push images to the cluster and use them in a Localhost environment.
I have installed a Registry with Helm: helm install stable/docker-registry
And I am able to run with portforward:
export POD_NAME=$(kubectl get pods --namespace default -l "app=docker-registry,release=guiding-hedgehog" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:5000The problem is that I get an error when trying to push to the registry with docker push localhost:5000/hello:
The push refers to repository [localhost:5000/hello]
Get http://localhost:5000/v2/: dial tcp [::1]:5000: getsockopt: connection refusedkubectl get services:
NAME: eyewitness-moose-docker-registry TYPE: ClusterIP CLUSTER-IP:10.106.213.130 EXTERNAL-IP:<none> PORT(S):5000/TCPNote: Also tried adding docker.for.mac.localhost:5000 to list of insecure registries.
So it looks like a security issue, and might be related to that it is not possible to run an insecure registry described in Docker doc
Therefore I have created a certificate as described here.
Now the question is, how do I distribute the certificate to each node with only kubectl?
Note: I am running in Docker for Mac(Edge), so I can get to the Kubernetes running containers. But there is so many and how and I don't think that is is the right way:
7d50a16271b5 gcr.io/kubernetes-helm/tiller "/tiller" 19 hours ago Up 19 hours k8s_tiller_tiller-deploy-865dd6c794-j7nk8_kube-system_8cbf6a09-329d-11e8-83ed-025000000001_0
6c77c450b374 gcr.io/google_containers/pause-amd64:3.0 "/pause" 19 hours ago Up 19 hours k8s_POD_tiller-deploy-865dd6c794-j7nk8_kube-system_8cbf6a09-329d-11e8-83ed-025000000001_0
ff19b2587142 docker/kube-compose-controller "/compose-controller…" 40 hours ago Up 40 hours k8s_compose_compose-5d4f4d67b6-n9jbp_docker_d7fc0ef4-3065-11e8-b9f8-025000000001_0
22109b6207af docker/kube-compose-api-server "/api-server --kubec…" 40 hours ago Up 40 hours k8s_compose_compose-api-7bb7b5968f-9mjxr_docker_d7f23906-3065-11e8-b9f8-025000000001_0
fd35236592f2 gcr.io/google_containers/k8s-dns-sidecar-amd64 "/sidecar --v=2 --lo…" 40 hours ago Up 40 hours k8s_sidecar_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
8df955fd61f4 gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64 "/dnsmasq-nanny -v=2…" 40 hours ago Up 40 hours k8s_dnsmasq_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
2b35fb82f6e6 gcr.io/google_containers/k8s-dns-kube-dns-amd64 "/kube-dns --domain=…" 40 hours ago Up 40 hours k8s_kubedns_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
89b4e3ccccd5 gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_compose-5d4f4d67b6-n9jbp_docker_d7fc0ef4-3065-11e8-b9f8-025000000001_0
d5a6a2ba714b gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_kube-dns-6f4fd4bdf-h25hz_kube-system_ba973aaa-3065-11e8-b9f8-025000000001_0
608c82a39845 gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_compose-api-7bb7b5968f-9mjxr_docker_d7f23906-3065-11e8-b9f8-025000000001_0
38982ea53b7d gcr.io/google_containers/kube-proxy-amd64 "/usr/local/bin/kube…" 40 hours ago Up 40 hours k8s_kube-proxy_kube-proxy-75vvn_kube-system_bace7415-3065-11e8-b9f8-025000000001_0
1e5b99acf1ca gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_kube-proxy-75vvn_kube-system_bace7415-3065-11e8-b9f8-025000000001_0
e75f4b1db79e gcr.io/google_containers/kube-scheduler-amd64 "kube-scheduler --ku…" 40 hours ago Up 40 hours k8s_kube-scheduler_kube-scheduler-docker-for-desktop_kube-system_f851ca949bc3883a8c73ea5debfa5def_0
2834798acbc5 gcr.io/google_containers/kube-apiserver-amd64 "kube-apiserver --ad…" 40 hours ago Up 40 hours k8s_kube-apiserver_kube-apiserver-docker-for-desktop_kube-system_caae2ec94c5b9fe55a01978c5b2f561e_0
91cb9c57c7f6 gcr.io/google_containers/etcd-amd64 "etcd --listen-clien…" 40 hours ago Up 40 hours k8s_etcd_etcd-docker-for-desktop_kube-system_7278f85057e8bf5cb81c9f96d3b25320_0
ead556edb234 gcr.io/google_containers/kube-controller-manager-amd64 "kube-controller-man…" 40 hours ago Up 40 hours k8s_kube-controller-manager_kube-controller-manager-docker-for-desktop_kube-system_81fd91d1cb0957bc579d5dd888f73ead_0
bd4e94136fe5 gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_kube-scheduler-docker-for-desktop_kube-system_f851ca949bc3883a8c73ea5debfa5def_0
45f2657c47a7 gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_kube-controller-manager-docker-for-desktop_kube-system_81fd91d1cb0957bc579d5dd888f73ead_0
3e5a8064e983 gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_etcd-docker-for-desktop_kube-system_7278f85057e8bf5cb81c9f96d3b25320_0
b7ae16f4ce6b gcr.io/google_containers/pause-amd64:3.0 "/pause" 40 hours ago Up 40 hours k8s_POD_kube-apiserver-docker-for-desktop_kube-system_caae2ec94c5b9fe55a01978c5b2f561e_0Anything in the right direction is welcome.
Thanks in advance