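#!/usr/bin/env bash
#
# test/provision/registry.sh (cilium v1.6.12)
#
# Provisions a TLS-enabled Docker registry for the test environment:
#   1. lists k8s1:5000 as an insecure registry for the local Docker daemon,
#   2. removes any previous "registry" container,
#   3. generates a throwaway CA and a server certificate signed by it,
#   4. installs the CA certificate into the system trust store,
#   5. starts registry:2.6.2 on port 5000 with the generated cert and key.
#
# Required env: ENV_FILEPATH - path of a file that is sourced first.
#
# NOTE(review): several writes below (/etc/docker, /usr/local/share) are not
# prefixed with sudo, so this presumably runs as root - confirm.

# Sourced before `set -e`, so a missing or failing env file does not abort.
source "${ENV_FILEPATH}"

set -e

CERTS_DIR=/certs/

# This overwrites any existing daemon.json. For a registry listed under
# "insecure-registries" Docker ignores certificate errors and may fall back to
# plain HTTP, so the TLS material generated below does not authenticate
# k8s1:5000 to this daemon.
echo '{"insecure-registries": ["k8s1:5000"]}' > /etc/docker/daemon.json
# SIGHUP makes the daemon reload its configuration.
sudo pkill -SIGHUP docker

# Remove a previous registry container if there is one. Under `set -e` a bare
# `docker kill` / `docker rm` aborts the whole script when the container is
# absent or already stopped, so only act when it actually exists.
if docker container inspect registry >/dev/null 2>&1; then
  docker rm -f registry
fi

# Docker registry - certs

sudo mkdir -p "${CERTS_DIR}"
# NOTE(review): mode 0777 lets any local user replace the key and certificate
# the registry serves. Kept as-is because other provisioning steps may write
# here; tighten to the owning user if nothing else needs write access.
sudo chmod 777 "${CERTS_DIR}"
cd "${HOME}"
rm -rfv certs
mkdir certs

# Quoted delimiter: the config is written literally, with no shell expansion.
cat <<'EOF' > server.conf
prompt = no
distinguished_name = req_distinguished_name
req_extensions = v3_req

[ req_distinguished_name ]
C = UK
ST = UK
L = London
O = cilium
OU = experimental
CN = cilium.io
emailAddress = ian@cilium.io

[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = cilium.io
DNS.2 = *.cilium.io
DNS.3 = k8s1
IP.1 = 192.168.36.11
IP.2 = 10.0.2.15
EOF

# Self-signed CA (valid 3650 days).
openssl genrsa -out certs/ca.key 4096
openssl req -new -x509 -days 3650 -key certs/ca.key -out certs/ca.crt \
  -subj "/C=uk/ST=uk/L=London/O=cilium/CN=cilium.io"

# Server key and signing request; subject and SANs come from server.conf.
openssl genrsa -out certs/cilium.key 4096
openssl req -new -nodes \
  -key certs/cilium.key \
  -out certs/cilium.request -config server.conf

# Sign the request with the CA; the v3_req extensions carry the SAN list.
openssl x509 -req -days 366 \
  -in certs/cilium.request \
  -CA certs/ca.crt \
  -CAkey certs/ca.key \
  -set_serial 01 \
  -out certs/cilium.cert \
  -extensions v3_req -extfile server.conf

mkdir -p /usr/local/share/ca-certificates

# NOTE(review): this also copies ca.key. The registry is only pointed at
# cilium.cert and cilium.key; the CA private key ends up in a world-writable
# directory that is bind-mounted into the container, while the matching CA
# certificate is trusted system-wide below. Copy only the files that are
# needed if no other step reads ca.key from the certs directory.
cp -rfv certs/* "${CERTS_DIR}"
cp certs/ca.crt /usr/local/share/ca-certificates/
sudo update-ca-certificates

docker run -d -p 5000:5000 --name registry -v "${CERTS_DIR}:/certs" \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/cilium.cert \
  -e REGISTRY_HTTP_TLS_KEY=/certs/cilium.key \
  --restart=always \
  docker.io/library/registry:2.6.2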