openshift-with-secured-registry.sh

### cleanup
oc cluster down
rm -rf ./secrets
### end of cleanup

oc cluster up --version=latest --skip-registry-check=true
oc login -u system:admin
oc project default
oc get svc/docker-registry
MASTERDIR=/var/lib/origin/openshift.local.config/master
sudo $(which oadm) ca create-server-cert \
    --signer-cert=$MASTERDIR/ca.crt \
    --signer-key=$MASTERDIR/ca.key \
    --signer-serial=$MASTERDIR/ca.serial.txt \
    --hostnames='registry.127.0.0.1.nip.io,docker-registry.default.svc.cluster.local,172.30.1.1' \
    --cert=./secrets/registry.crt \
    --key=./secrets/registry.key
sudo chown -R $(whoami) ./secrets/
oc secrets new registry-secret ./secrets/registry.crt ./secrets/registry.key
oc secrets link registry registry-secret
oc secrets link default  registry-secret
oc volume dc/docker-registry --add --type=secret \
    --secret-name=registry-secret -m /etc/secrets
oc set env dc/docker-registry \
    REGISTRY_HTTP_TLS_CERTIFICATE=/etc/secrets/registry.crt \
    REGISTRY_HTTP_TLS_KEY=/etc/secrets/registry.key
oc patch dc/docker-registry -p '{"spec": {"template": {"spec": {"containers":[{
    "name":"registry",
    "livenessProbe":  {"httpGet": {"scheme":"HTTPS"}}
  }]}}}}'
oc patch dc/docker-registry -p '{"spec": {"template": {"spec": {"containers":[{
    "name":"registry",
    "readinessProbe":  {"httpGet": {"scheme":"HTTPS"}}
  }]}}}}'
oc create route passthrough --service=docker-registry --hostname=registry.127.0.0.1.nip.io
sudo mkdir -p /etc/docker/certs.d/registry.127.0.0.1.nip.io
sudo cp $MASTERDIR/ca.crt /etc/docker/certs.d/registry.127.0.0.1.nip.io
oc login -u developer

docker login --username `oc whoami` --password `oc whoami -t` registry.127.0.0.1.nip.io
docker pull busybox
docker tag busybox registry.127.0.0.1.nip.io/myproject/busybox 
docker push registry.127.0.0.1.nip.io/myproject/busybox