Merge pull request #2620 from jbeda/insecure-registry-fix

For GCE, allow insecure registries anywhere in 10.0.0.0/8.
2025-08-09 20:17:41 +00:00 · 2014-12-01 12:13:12 -08:00 · 2014-12-01 12:13:12 -08:00 · b9b7c47da3
commit b9b7c47da3
parent 00477c3813 f8505cd286
5 changed files with 21 additions and 7 deletions
--- a/cluster/gce/config-default.sh
+++ b/cluster/gce/config-default.sh
@ -48,3 +48,6 @@ ENABLE_DOCKER_REGISTRY_CACHE=true
 # Optional: Enable node logging.
 ENABLE_NODE_LOGGING=true
 LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp
+
+# Don't require https for registries in our local RFC1918 network
+EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8"
--- a/cluster/gce/config-test.sh
+++ b/cluster/gce/config-test.sh
@ -45,3 +45,6 @@ ENABLE_NODE_LOGGING=true
 LOGGING_DESTINATION=elasticsearch # options: elasticsearch, gcp

 ENABLE_CLUSTER_MONITORING=false
+
+# Don't require https for registries in our local RFC1918 network
+EXTRA_DOCKER_OPTS="--insecure-registry 10.0.0.0/8"
--- a/cluster/gce/templates/salt-minion.sh
+++ b/cluster/gce/templates/salt-minion.sh
@ -36,13 +36,21 @@ grains:
  cloud: gce
 EOF

+DOCKER_OPTS=""
+
+if [[ -n "${EXTRA_DOCKER_OPTS-}" ]]; then
+  DOCKER_OPTS="${EXTRA_DOCKER_OPTS}"
+fi
+
 # Decide if enable the cache
-if [[ "${ENABLE_DOCKER_REGISTRY_CACHE}" == "true" ]]; then 
+if [[ "${ENABLE_DOCKER_REGISTRY_CACHE}" == "true" ]]; then
    REGION=$(echo "${ZONE}" | cut -f 1,2 -d -)
    echo "Enable docker registry cache at region: " $REGION
-    DOCKER_OPTS="--registry-mirror=\"https://${REGION}.docker-cache.clustermaster.net\""
+    DOCKER_OPTS="${DOCKER_OPTS} --registry-mirror='https://${REGION}.docker-cache.clustermaster.net'"
+fi

-    cat <<EOF >>/etc/salt/minion.d/grains.conf
+if [[ -n "{DOCKER_OPTS}" ]]; then
+cat <<EOF >>/etc/salt/minion.d/grains.conf
  docker_opts: $DOCKER_OPTS
 EOF
 fi
--- a/cluster/gce/util.sh
+++ b/cluster/gce/util.sh
@ -318,6 +318,7 @@ function kube-up {
      echo "ZONE='${ZONE}'"
      echo "MASTER_NAME='${MASTER_NAME}'"
      echo "MINION_IP_RANGE='${MINION_IP_RANGES[$i]}'"
+      echo "EXTRA_DOCKER_OPTS='${EXTRA_DOCKER_OPTS}'"
      echo "ENABLE_DOCKER_REGISTRY_CACHE='${ENABLE_DOCKER_REGISTRY_CACHE:-false}'"
      grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/common.sh"
      grep -v "^#" "${KUBE_ROOT}/cluster/gce/templates/salt-minion.sh"
--- a/cluster/saltbase/salt/docker/docker-defaults
+++ b/cluster/saltbase/salt/docker/docker-defaults
@ -1,6 +1,5 @@
+DOCKER_OPTS=""
 {% if grains.docker_opts is defined %}
-  {% set docker_opts = grains.docker_opts %}
-{% else %}
-  {% set docker_opts = "" %}
+DOCKER_OPTS="${DOCKER_OPTS} {{grains.docker_opts}}"
 {% endif %}
-DOCKER_OPTS="{{docker_opts}} --bridge cbr0 --iptables=false --ip-masq=false -r=false"
+DOCKER_OPTS="${DOCKER_OPTS} --bridge cbr0 --iptables=false --ip-masq=false -r=false"