Runtime별 Private Registry SSL인증방법
Docker
cat ~/.docker/config.json
{
"auths": {
"https://index.docker.io/v1/": {
"auth": "c3R...zE2"
}
}
}
JavaScript
복사
Containerd
•
인증서 등록
[All Kubernetes Node]
SSL 인증서 crt 파일들을 /etc/pki/ca-trust/source/anchors 경로에 복사
$ update-ca-trust
/etc/hosts에 private-registry Domain 등록
$ systemctl restart containerd
$ systemctl restart docker
$ systemctl restart cri-o
Shell
복사
•
계정 등록
$ vi /etc/containerd/config.toml
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "k8s.gcr.io/pause:3.3"
max_container_log_line_size = -1
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
runtime_engine = ""
runtime_root = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
systemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.seoul.paas-ta.co.kr:443"]
endpoint = ["https://harbor.seoul.paas-ta.co.kr:443"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.seoul.paas-ta.co.kr:443".auth]
username = "admin"
password = "Harbor12345"
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.seoul.paas-ta.co.kr:443".tls]
ca_file = "/data/registry/cert.d/ca.crt"
cert_file = "/data/registry/cert.d/harbor.seoul.paas-ta.co.kr.crt"
key_file = "/data/registry/cert.d/harbor.seoul.paas-ta.co.kr.key"
Shell
복사