- 安装 openssl（用于生成自签名证书），并编辑其配置文件
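# Install the openssl CLI used below to generate the registry's self-signed certificate.
yum -y install openssl
# Edit the OpenSSL defaults; the actual change is shown in the screenshot that follows.
# NOTE(review): recent Docker clients check the registry address against the certificate's
# subjectAltName, so the address used for push/pull presumably has to be listed there -
# confirm against the screenshot.
vim /etc/pki/tls/openssl.cnf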
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/02585153adb610e992a40251312df374.png)
- 创建证书
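# Generate a self-signed certificate (-x509) and a 4096-bit RSA key for the registry.
# -nodes writes domain.key unencrypted, so the trailing chmod limits it to its owner.
# -days 10000 makes the certificate valid for roughly 27 years, with no rotation point.
# NOTE(review): mode 600 assumes the registry process runs as the key's owner (root) - confirm.
mkdir /certs && openssl req -newkey rsa:4096 -nodes -sha256 -keyout /certs/domain.key -x509 -days 10000 -out /certs/domain.cert && chmod 600 /certs/domain.key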
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/35fd889a2469f74ac85a7bf90db2b386.png)
- 给要运行 registry 的节点打上标签，使 Pod 通过 nodeSelector 调度到该节点
# Label the node that will host the registry; the Deployment's nodeSelector
# (bind-registry: "true") matches this label.
# NOTE(review): k8s-master01 looks like a control-plane node; running a network-exposed
# registry there widens that node's exposure - confirm the placement is intended.
kubectl label node k8s-master01 bind-registry=true
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/362c5128df0e2b27fbbd51d95fac3abe.png)
- 在部署节点上创建 hostPath 映射目录（用于存放镜像数据）
# Host directory backing the registry's /var/lib/registry hostPath volume; pushed image
# data is stored here, on the node itself.
mkdir -p /var/lib/registry
- 通过yaml创建
# Print the manifest; it defines the registry Deployment and its NodePort Service.
cat dockerhub.yaml
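# Private image registry run as a single-replica Deployment. It is pinned to the node
# labelled bind-registry=true so the hostPath directories below resolve on the same host.
# NOTE(review): no REGISTRY_AUTH_* settings are present, so the registry accepts anonymous
# pull and push from any client that can reach it; TLS here only protects the transport.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: docker-local-hub
  # NOTE(review): kube-system is shared with cluster components; a dedicated namespace
  # keeps RBAC and network policy separate - confirm the placement is intentional.
  namespace: kube-system
  labels:
    app: registry
spec:
  replicas: 1
  selector:
    matchLabels:
      app: registry
  template:
    metadata:
      labels:
        app: registry
    spec:
      containers:
        - name: registry
          # Floating tag: the image behind it can change between pulls; pin a digest
          # for reproducible deployments.
          image: registry:2
          ports:
            - containerPort: 5000
          env:
            # Paths inside the container; both files come from the certs mount below.
            - name: REGISTRY_HTTP_TLS_CERTIFICATE
              value: "/certs/domain.cert"
            - name: REGISTRY_HTTP_TLS_KEY
              value: "/certs/domain.key"
          volumeMounts:
            - name: docker-hub
              mountPath: /var/lib/registry
            - name: certs
              mountPath: /certs
              # The registry only reads the key pair, so the host's /certs (which holds
              # the private key) is mounted read-only.
              readOnly: true
      nodeSelector:
        bind-registry: "true"
      volumes:
        # hostPath volumes tie the pod's data and key material to one node's filesystem.
        - name: docker-hub
          hostPath:
            path: /var/lib/registry
        - name: certs
          hostPath:
            path: /certs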
---
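# NodePort Service for the registry: port 5000 of the pods labelled app=registry is
# published on port 30003 of every node, not only the node that runs the pod.
# NOTE(review): the registry Deployment configures no authentication, so reachability of
# this port is the only access control - restrict it at the network level.
apiVersion: v1
kind: Service
metadata:
  name: docker-local-hub
  namespace: kube-system
  labels:
    app: registry
spec:
  selector:
    app: registry
  ports:
    - port: 5000
      targetPort: 5000
      nodePort: 30003
  type: NodePort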
- 在所有节点上创建证书目录并放入 registry 的证书（其他节点需先把 /certs/domain.cert 拷贝过去）
# Docker reads per-registry CA certificates from /etc/docker/certs.d/<host>:<port>/ca.crt.
# Only the public certificate is distributed to the nodes; domain.key is not copied.
registry_addr='192.168.42.122:30003'
mkdir -p "/etc/docker/certs.d/${registry_addr}"
cp /certs/domain.cert "/etc/docker/certs.d/${registry_addr}/ca.crt"
- 测试
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/799ceef4c9bc58776b5f8915540588ee.png)
- 上传镜像
![在这里插入图片描述](https://i-blog.csdnimg.cn/blog_migrate/95cbb45fb21e1e6c7dfc548befeaf5b7.png)