Use https for accessing Docker private registry

1/29/2019

I have a private registry that is accessed through the https protocol. But Kubernetes + Docker always tries to use the http protocol (http://myserver.com:8080) instead of https://myserver.com:8080.

How can I force the https protocol?

Snippet of my yaml file that declares a Pod:

  containers:
    - name: apl
      image: myserver.com:8080/myimage

Details of my environment:

  • CentOS 7.3
  • Docker 18.06
  • Kubernetes (Minikube) 1.13.1

Error message in Kubernetes logs:

  Normal   Pulling    30s (x4 over 2m2s)  kubelet, minikube  pulling image "docker.mydomain.com:30500/vision-ssh"
  Warning  Failed     30s (x4 over 2m2s)  kubelet, minikube  Failed to pull image "docker.mydomain.com:30500/vision-ssh": rpc error: code = Unknown desc = Error response from daemon: Get http://docker.mydomain.com:30500/v2/: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
  Warning  Failed     30s (x4 over 2m2s)  kubelet, minikube  Error: ErrImagePull
  Warning  Failed     19s (x6 over 2m2s)  kubelet, minikube  Error: ImagePullBackOff
  Normal   BackOff    4s (x7 over 2m2s)   kubelet, minikube  Back-off pulling image "docker.fccma.com:30500/vision-ssh"

If I try to specify the protocol in the name of the image, it complains:

  couldn't parse image reference "https://docker.mydomain.com:30500/vision-ssh": invalid reference format

I followed this guide in order to create the image registry. It is already secured (HTTPS protocol and protected by user/password).

-- david.perez
docker
kubernetes

3 Answers

1/29/2019

Run an https proxy service fronting the container registry service. Look at nginx as an https proxy.

-- P Ekambaram
Source: StackOverflow

1/29/2019

In the /etc/hosts file, the server docker.mydomain.com is mapped to 127.0.0.1. I've read in the Docker docs that local registries are always considered insecure. If I use a name that is mapped to the external IP, then Docker tries https.

-- david.perez
Source: StackOverflow
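
A diagnostic sketch for the situation described in this answer and in the question's error message, added here as an example (not code from the thread or from Docker). It checks whether a registry hostname maps into 127.0.0.0/8, the range the dockerd documentation lists as automatically insecure, and whether the bytes quoted in a `malformed HTTP response` error form a TLS record header, which means a TLS endpoint was contacted over plain HTTP. The hosts-file text, the external address and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not real data): an /etc/hosts excerpt like the one
# described in the answer, and the payload quoted in the kubelet error message.
SAMPLE_HOSTS = """\
127.0.0.1    localhost docker.mydomain.com
203.0.113.10 registry-ext.mydomain.com   # constructed external mapping
"""
SAMPLE_PAYLOAD = b"\x15\x03\x01\x00\x02\x02"

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # range dockerd auto-marks insecure
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def hosts_lookup(hosts_text, name):
    """Return the first address mapped to `name` in hosts-file text, or None."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comments, then tokenize
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return ipaddress.ip_address(fields[0])
    return None


def treated_as_local_registry(hosts_text, image_ref):
    """True if the registry host of `image_ref` maps into 127.0.0.0/8."""
    host = image_ref.split("/", 1)[0].rsplit(":", 1)[0]  # drop path, then port
    addr = hosts_lookup(hosts_text, host)
    return addr is not None and addr.version == 4 and addr in LOOPBACK


def looks_like_tls_record(payload):
    """Describe `payload` if it starts with a TLS record header, else None."""
    if len(payload) < 5 or payload[0] not in TLS_CONTENT_TYPES or payload[1] != 3:
        return None
    info = {"type": TLS_CONTENT_TYPES[payload[0]],
            "version": (payload[1], payload[2]),
            "length": int.from_bytes(payload[3:5], "big")}
    if info["type"] == "alert" and len(payload) > 5:
        info["alert_level"] = ALERT_LEVELS.get(payload[5], "unknown")
    return info


if __name__ == "__main__":
    print(treated_as_local_registry(SAMPLE_HOSTS, "docker.mydomain.com:30500/vision-ssh"))
    print(looks_like_tls_record(SAMPLE_PAYLOAD))
```

To check a real node, pass the contents of its own /etc/hosts and the image reference from the Pod spec instead of the samples.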

1/29/2019

Your private Docker registry might not be secured. If it is a secured private registry, it always uses https; otherwise it refers to http.

For more details, refer to the docs:

Docker uses the https:// protocol to communicate with a registry, unless the registry is allowed to be accessed over an insecure connection. Refer to the insecure registries section for more information.

https://docs.docker.com/engine/reference/commandline/dockerd/#insecure-registries

So to force https, secure your registry. There are many articles available on the net about securing your registry.

-- Rajesh Deshpande
Source: StackOverflow