January 2019
Intermediate to advanced
170 pages
3h 23m
English
Content preview from Kubernetes in the Enterprise
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Appendix C. Configuring Docker to Push or Pull from an Insecure Registry
The Docker runtime establishes trust of a remote image registry based on the validity of its Transport Layer Security (TLS) certificate. If your cluster uses a self-signed certificate, Docker will consider it “insecure” by default.
You can confirm the allowed insecure registries for your Docker runtime by using the docker info command, as demonstrated here:
docker info| grep -A 20 "Insecure Registries" Insecure Registries: mycluster.icp:8500 127.0.0.0/8 Live Restore Enabled: false
Configuring the insecure registries for your platform may vary a bit, but the basic flow is to extend the DOCKER_OPTS to explicitly list each insecure registry that the Docker runtime is allowed to interact with.
Edit the Docker daemon configuration to add the alias for your IBM Cloud Private cluster, which will be mycluster.icp:8500, by default. Depending on your installation and platform, your configuration file might be at /etc/docker/daemon.json, ~/.docker/daemon.json, or C:\ProgramData\docker\config\daemon.json.
cat ~/.docker/daemon.json
{
"debug" : true,
"insecure-registries" : [
"mycluster.icp:8500"
],
"experimental" : true
}
Then, update your /etc/hosts configuration to alias this hostname (provided by the certificate when Docker connects to the endpoint) to the specific public IP of your cluster:
cat /etc/hosts | grep mycluster.icp 1.1.1.1mycluster.icp
Restart your Docker runtime to make this change effective.
To ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.