Support for insecure-registries
mschmieder opened this issue · 2 comments
Hi Stefan,
first of all I wanted to say that I'm impressed by this project and am using it on a daily basis for cross-platform development. It's really helping a lot! Thanks for the great work so far.
One of the things that I'm missing currently is the support for easily defining insecure-registries
within the daemon.json on the windows hosts.
I was able to quickly hack
in a solution for me that works but was wondering if that could be something that might be of interest to more people.
what I did so far was simply extending the create-machine.ps1
Powershell script by a single line
$config = $config | Add-Member(@{ `
hosts = @("tcp://0.0.0.0:2376", "npipe://"); `
tlsverify = $true; `
tlscacert = "$serverCertsPath\ca.pem"; `
tlscert = "$serverCertsPath\server-cert.pem"; `
tlskey = "$serverCertsPath\server-key.pem"; `
"insecure-registries" = @("my.insecure.registry:4567"); `
experimental = $experimental `
}) -Force -PassThru
It probably would be great to be able to define this within the Vagrant environment.
I'm not a Powershell nor a Vagrant guru, so sorry for not providing a potential solution already.
Best,
Matthias
I don‘t know exactly what is the best practice to do it. Maybe passing an optional environment variable from host to the provision script and add the optional key in the json during provisioning.
INSECURE_REGSTRIES=foo:4567 vagrant up
I can show you on how I found a solution that works for us since the private registries are quite stable in our environments.
I modified the Vagrantfile
to include the registries in the parameters for the setup script.
config.vm.define "1903", autostart: false do |cfg|
cfg.vm.box = "windows_server_1903_docker"
cfg.vm.provision "shell", path: "scripts/create-machine.ps1", args: "-machineHome #{home} -machineName 1903 -insecureRegistries registry.domain.com:5432,registry2.domain.com:4567"
end
Therefore I had to patch some functions in the Powershell
script to act on those parameters
function updateConfig {
param ($daemonJson, $serverCertsPath, $enableLCOW, $experimental, $insecureRegistries)
[...]
if ($insecureRegistries) {
$config = $config | Add-Member(@{ `
"insecure-registries" = $insecureRegistries.Split(','); `
}) -Force -PassThru
}
updateConfig "$dockerData\config\daemon.json" $serverCertsPath $enableLCOW $experimental $insecureRegistries
If you want I can create a pull request so you can see the changes better. Still I think this is not optimal right now since you'll have to patch the Vagrantfile
. Maybe the in combination with your idea for the env
variables might do the trick though.
Also I was not able to provide a list
to the Powershell script. It always interpreted my list as a string
, not sure why - that's why you see the split operation in the code snippet.
Thoughts?