There are many situations where I need to do this, especially when I am installing K8s in an internet-restricted environment (example: installing TKG in an internet-restricted environment).
So I like to use the Docker registry and mkcert to play with this scenario.
- Create directories for certs and data
mkdir -p data certs
- Install mkcert. Just curl the binary and install it. See the project for more instructions.
- Create CA
mkcert -install
- Copy CA cert into certs directory
cp "$(mkcert -CAROOT)/rootCA.pem" certs/ca.crt
- Generate certificate
mkcert -cert-file certs/registry.crt -key-file certs/registry.key localhost 192.168.1.1 tkg-bootstrap-registry.local
- Run docker registry
docker run -d \
  --restart=always \
  --name registry \
  -v "$(pwd)"/data:/var/lib/registry \
  -v "$(pwd)"/certs:/certs \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:443 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/registry.crt \
  -e REGISTRY_HTTP_TLS_KEY=/certs/registry.key \
  -p 443:443 \
  registry:2
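
Before starting the container, it helps to confirm that the files in certs/ fit together: the certificate chains to ca.crt, the key matches it, and every name or IP passed to mkcert is in the SAN list. This is an added example, not part of the original post; the function name check_registry_cert is made up here, and it assumes only that the openssl CLI is installed.

```shell
# Added example, not from the original post.
# Usage: check_registry_cert CA_CERT SERVER_CERT SERVER_KEY NAME_OR_IP...
check_registry_cert() (
    ca=$1; cert=$2; key=$3; shift 3
    rc=0

    # 1. The server certificate must chain to the CA that clients will trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not chain to $ca" >&2; rc=1
    fi

    # 2. The private key must belong to the certificate (compare public keys).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # 3. Every name or IP a client will use must be in the SAN list,
    #    otherwise TLS verification fails for that name.
    for name in "$@"; do
        case $name in
            *:*)       opt=-checkip ;;    # IPv6 literal
            *[!0-9.]*) opt=-checkhost ;;  # contains non-numeric chars: DNS name
            *)         opt=-checkip ;;    # dotted IPv4
        esac
        if ! openssl x509 -in "$cert" -noout "$opt" "$name" 2>/dev/null |
                grep -q 'does match certificate'; then
            echo "FAIL: $name is not covered by $cert" >&2; rc=1
        fi
    done
    exit "$rc"
)

# Check the files from the steps above when they are present.
if [ -f certs/registry.crt ]; then
    check_registry_cert certs/ca.crt certs/registry.crt certs/registry.key \
        localhost 192.168.1.1 tkg-bootstrap-registry.local && echo "certs OK"
fi
```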