Skip to content

Instantly share code, notes, and snippets.

@stdevPavelmc

stdevPavelmc/Secure_registry_microk8s.md

Last active December 22, 2023 07:00
Show Gist options
  • Save stdevPavelmc/b7bddaab47e480b5034a0e8428404e0d to your computer and use it in GitHub Desktop.
Save stdevPavelmc/b7bddaab47e480b5034a0e8428404e0d to your computer and use it in GitHub Desktop.
Download ZIP
Securing a microk8s registry
Raw
Secure_registry_microk8s.md

Adding auth for the default registry

  • Add this vars to the env in the deployment
- name: REGISTRY_AUTH_HTPASSWD_REALM
  value: Registry Realm
- name: REGISTRY_AUTH_HTPASSWD_PATH
  value: /var/lib/registry/registry.auth
  • Create the file file /var/lib/registry/registry.auth inside the pod [it will be placed on a pv] inside it place some htpass credentials like this:
user1:$2y$05$1fakehash.fakehash.fakehash.fakehash.fakehash.fakehash.fakehash
user2:$2y$05$2fakehash.fakehash.fakehash.fakehash.fakehash.fakehash.fakehash

You can place as many auth creds as you want, optionally remove the default ingress and use it with a https endpoint/ingress

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment