forked from TrueCloudLab/distribution
Configure TLS for private registry mirrors.
If a registry mirror is using TLS, ensure that certs for it are picked up from /etc/docker/certs.d Signed-off-by: Richard Scothern <richard.scothern@gmail.com>
This commit is contained in:
parent
138ba39260
commit
00edb3bbce
1 changed files with 19 additions and 2 deletions
|
@ -6,6 +6,7 @@ import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -161,19 +162,31 @@ func (s *Service) TlsConfig(hostname string) (*tls.Config, error) {
|
||||||
return &tlsConfig, nil
|
return &tlsConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (s *Service) tlsConfigForMirror(mirror string) (*tls.Config, error) {
|
||||||
|
mirrorUrl, err := url.Parse(mirror)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
return s.TlsConfig(mirrorUrl.Host)
|
||||||
|
}
|
||||||
|
|
||||||
func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err error) {
|
func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err error) {
|
||||||
var cfg = tlsconfig.ServerDefault
|
var cfg = tlsconfig.ServerDefault
|
||||||
tlsConfig := &cfg
|
tlsConfig := &cfg
|
||||||
if strings.HasPrefix(repoName, DEFAULT_NAMESPACE+"/") {
|
if strings.HasPrefix(repoName, DEFAULT_NAMESPACE+"/") {
|
||||||
// v2 mirrors
|
// v2 mirrors
|
||||||
for _, mirror := range s.Config.Mirrors {
|
for _, mirror := range s.Config.Mirrors {
|
||||||
|
mirrorTlsConfig, err := s.tlsConfigForMirror(mirror)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
endpoints = append(endpoints, APIEndpoint{
|
endpoints = append(endpoints, APIEndpoint{
|
||||||
URL: mirror,
|
URL: mirror,
|
||||||
// guess mirrors are v2
|
// guess mirrors are v2
|
||||||
Version: APIVersion2,
|
Version: APIVersion2,
|
||||||
Mirror: true,
|
Mirror: true,
|
||||||
TrimHostname: true,
|
TrimHostname: true,
|
||||||
TLSConfig: tlsConfig,
|
TLSConfig: mirrorTlsConfig,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
// v2 registry
|
// v2 registry
|
||||||
|
@ -187,13 +200,17 @@ func (s *Service) LookupEndpoints(repoName string) (endpoints []APIEndpoint, err
|
||||||
// v1 mirrors
|
// v1 mirrors
|
||||||
// TODO(tiborvass): shouldn't we remove v1 mirrors from here, since v1 mirrors are kinda special?
|
// TODO(tiborvass): shouldn't we remove v1 mirrors from here, since v1 mirrors are kinda special?
|
||||||
for _, mirror := range s.Config.Mirrors {
|
for _, mirror := range s.Config.Mirrors {
|
||||||
|
mirrorTlsConfig, err := s.tlsConfigForMirror(mirror)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
endpoints = append(endpoints, APIEndpoint{
|
endpoints = append(endpoints, APIEndpoint{
|
||||||
URL: mirror,
|
URL: mirror,
|
||||||
// guess mirrors are v1
|
// guess mirrors are v1
|
||||||
Version: APIVersion1,
|
Version: APIVersion1,
|
||||||
Mirror: true,
|
Mirror: true,
|
||||||
TrimHostname: true,
|
TrimHostname: true,
|
||||||
TLSConfig: tlsConfig,
|
TLSConfig: mirrorTlsConfig,
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
// v1 registry
|
// v1 registry
|
||||||
|
|
Loading…
Reference in a new issue