canonical/microk8s-core-addons

Support secure mode for registry addon

Opened this issue · 1 comments

Summary

The registry add-on only works in insecure mode. I would like a secure mode to be supported as well.

Why is this important?

  1. Security risks associated with the insecure registry.
  2. Users should not become accustomed to pushing insecure images around.
  3. Since image names don't support an explicit https or http protocol, libraries sometimes infer the protocol from the image name. https is the default, and if the registry uses http, there can be confusing errors that are difficult to resolve.

Are you interested in contributing to this feature?

No, sorry.

I ran into this while trying to secure the local registry with TLS, and it looks like it's built into the underlying container but not exposed as (explicit) parameters. I'll take a look locally and, if it makes sense, open up a pull request. Probably a bigger project to automate this / integrate it with cert-manager, but at least it's an intermediate step on the way to a production-ready environment.

MicroK8s documentation actually gives a short guide on how to update an addon if it doesn't quite meet your needs (I just discovered this).

The CNCF distribution docs show what environment variables and volume work need to be done to add a TLS certificate.
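
An added illustration (not part of the thread and not the add-on's own manifest) of the environment variables and volume work the last comment refers to, as a pod-template fragment for a CNCF distribution registry container. The container name, volume name, Secret name and mount path are assumptions; the `REGISTRY_HTTP_*` variables are the ones documented by the distribution project.

```yaml
# Added example: fragment of a Deployment pod template for a CNCF
# distribution ("registry") container. Values marked "assumed" are
# placeholders, not taken from the MicroK8s add-on manifest.
spec:
  template:
    spec:
      containers:
        - name: registry                     # assumed container name
          env:
            - name: REGISTRY_HTTP_ADDR
              value: "0.0.0.0:5000"
            # With neither variable below set, the listener above speaks
            # plain HTTP; setting both makes the same listener serve HTTPS.
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: /certs/tls.crt          # path inside the mounted Secret
            - name: REGISTRY_HTTP_TLS_KEY
              value: /certs/tls.key
          volumeMounts:
            - name: registry-tls             # assumed volume name
              mountPath: /certs              # assumed mount path
              readOnly: true
      volumes:
        - name: registry-tls
          secret:
            # Assumed Secret of type kubernetes.io/tls, which stores the
            # certificate and key under the keys tls.crt and tls.key.
            secretName: registry-tls
```

The certificate needs a subject alternative name matching the host used in image references, and every client that pushes or pulls must trust the issuing CA; otherwise the protocol confusion described in the issue is replaced by certificate verification errors.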