From 4454e388ec51b16c636961e49deb0e421c05e5c7 Mon Sep 17 00:00:00 2001 From: "Alex Ellis (OpenFaaS Ltd)" Date: Mon, 4 Nov 2024 15:56:35 +0000 Subject: [PATCH] Show TLS instructions for registry mirror Signed-off-by: Alex Ellis (OpenFaaS Ltd) --- docs/tasks/registry-mirror.md | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/docs/tasks/registry-mirror.md b/docs/tasks/registry-mirror.md index e2d2018..52e3f19 100644 --- a/docs/tasks/registry-mirror.md +++ b/docs/tasks/registry-mirror.md @@ -58,10 +58,12 @@ Before doing so, you'll need to: 1. Create a file named `hub.txt` in your home directory. 2. Set the `USERNAME` variable to your Docker Hub username. +3. If you're using cloud-hypervisor, set the `BRIDGE` variable to `192.168.129.1` ```bash export USERNAME="" export TOKEN=$(cat ~/hub.txt) +export BRIDGE="192.168.128.1" cat >> /tmp/registry.yml < microVM communication + tls: + certificate: /var/lib/actuated/certs/server.crt + key: /var/lib/actuated/certs/server.key +EOF ``` +As the certificate is expired, actuated will automatically restart the `registry` service to use the new certificate. + Install and start the registry with a systemd unit file: ```bash @@ -140,7 +148,7 @@ on: jobs: build: - runs-on: [actuated] + runs-on: [actuated-4cpu-8gb] steps: - name: Setup mirror @@ -167,10 +175,17 @@ find /var/lib/registry/ -name "alpine" /var/lib/registry/docker/registry/v2/repositories/library/alpine ``` +Add actuated's bridge <> VM CA bundle to the trust store on the server, to test the registry via curl: + +```bash +sudo cp /var/lib/actuated/certs/ca.crt /usr/local/share/ca-certificates/actuated-ca.crt +sudo update-ca-certificates +``` + You can also use the registry's API to query which images are available: ```bash -curl -i http://192.168.128.1:5000/v2/_catalog +curl -i https://192.168.128.1:5000/v2/_catalog HTTP/1.1 200 OK Content-Type: application/json; charset=utf-8
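Review bot: In the hunk at -58,10 +58,12, the new step 3 tells cloud-hypervisor users to set `BRIDGE` to `192.168.129.1`, but the added `export BRIDGE="192.168.128.1"` line uses a different address and nothing says which one is the default. Suggest rewording step 3 to state that `192.168.128.1` is the default and `192.168.129.1` is the cloud-hypervisor override, or putting a comment next to the export line, so readers do not paste a value that does not match their bridge.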
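Review bot: The sentence added after the `tls:` block, "As the certificate is expired, actuated will automatically restart the `registry` service to use the new certificate", reads as if the certificate is already expired at install time. If the intent is to describe rotation, suggest wording along the lines of "When the certificate is rotated, actuated will automatically restart the `registry` service". It would also help to say what creates `/var/lib/actuated/certs/server.crt` and `/var/lib/actuated/certs/server.key`, since the config references both and the very next step starts the registry.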
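Review bot: The `runs-on` change from `[actuated]` to `[actuated-4cpu-8gb]` in the hunk at -140,7 +148,7 is not covered by the subject "Show TLS instructions for registry mirror". Suggest mentioning it in the commit message or moving it to its own commit, so the label change can be found in the history later.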
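Review bot: The updated `curl -i https://192.168.128.1:5000/v2/_catalog` line in the hunk at -167,10 +175,17 hardcodes the bridge address even though this patch introduces `BRIDGE` and a second value for cloud-hypervisor. Suggest `curl -i https://$BRIDGE:5000/v2/_catalog`, or a note that the address must match the bridge in use. The added trust-store step could also state that `update-ca-certificates` with `/usr/local/share/ca-certificates/` is the Debian/Ubuntu mechanism, so readers on other distributions know to use their own equivalent.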