
[FEATURE REQUEST] TLS support for docker repository

Open erzetpe opened this issue 4 years ago • 3 comments

Is your feature request related to a problem? Please describe.
We need to have protected TLS communication with docker repository.

Describe the solution you'd like
Add TLS support as an option to our docker repository and add capability for its usage for services that are using this.

Describe alternatives you've considered
None.

Additional context
No.


DoD checklist

  • Changelog
    • [ ] updated
    • [ ] not needed
  • COMPONENTS.md
    • [ ] updated
    • [ ] not needed
  • Schema
    • [ ] updated
    • [ ] not needed
  • Backport tasks
    • [ ] created
    • [ ] not needed
  • Documentation
    • [ ] added
    • [ ] updated
    • [ ] not needed
  • [ ] Feature has automated tests
  • [ ] Automated tests passed (QA pipelines)
    • [ ] apply
    • [ ] upgrade
    • [ ] backup/restore
  • [ ] Idempotency tested
  • [ ] All conversations in PR resolved
  • [ ] Solution meets requirements and is done according to design doc
  • [ ] Usage compliant with license

erzetpe • Oct 09 '20 09:10

This is about just internal communication.

mkyc • Nov 19 '20 13:11

I just found this: https://discuss.kubernetes.io/t/aks-on-prem-registry-self-signed-cert/9308

mkyc • Jan 14 '21 14:01

I contacted Michal about this task and below is his answer. We need to decide how to proceed with this task.

What I wanted to do:
I started working on that and got annoyed, because of the lower quality code of the repository / image registry solution.
So my idea for this task drifted a little bit towards refactoring more than only the docker registry.
I wanted to reuse apache to terminate tls in front of the docker registry.
To make it easier I wanted to move apache and registry into runc containers so it would be just the same in all distros.

What I managed to do:
I researched PKI creation a bit in the epiphany-offline repo https://github.com/sk4zuzu/epiphany-offline/commits/feature/http-over-tls outside of epiphany itself + implemented TLS for the epiphany-offline repo.
I extracted runc solution from the haproxy_runc role and only started implementing a custom apache https://github.com/sk4zuzu/epiphany/commits/feature/repository-in-runc and at this point my task was closed.

I wanted to improve the whole apache-based solution, that was a bit out of scope, but I believed it was necessary to do something with that.
If you want to only do the task without proper refactoring, then probably nothing I've done will be handy for you.

atsikham • Feb 09 '21 13:02

Not going to do any more feature requests for Epiphany.

seriva • Nov 16 '22 12:11