Self-signed certificates
This guide will demonstrate the use of a private registry using self-signed certificates in conjunction with Earthly.
For information about configuring the registry itself, see the Docker Registry deployment documentation.

Create an Earthfile

No special considerations are needed in the Earthfile itself. You can use SAVE IMAGE just like any other repository.
1
FROM alpine:3.13
2
​
3
build:
4
RUN echo "Hello from Earthly!" > motd
5
ENTRYPOINT cat motd
6
SAVE IMAGE --push <registry-hostname>/hello-earthly:with-love
Copied!

Add certificates to Earthly

Set the following configuration options in your Earthly config.
1
global:
2
buildkit_additional_args: ["-v", "<absolute-path-to-ca-file>:/etc/config/add.ca"]
3
buildkit_additional_config: |
4
[registry."<registry-hostname>"]
5
ca=["/etc/config/add.ca"]
Copied!
Where <absolute-path-to-ca-file> is the location of the CA certificate you wish to add and <registry-hostname> is the hostname of the registry.

Insecure registries

For testing purposes, you can also define insecure registries for Earthly to access. Note that the non-test use of insecure registries is strongly discouraged due to the risk of man-in-the-middle (MITM) attacks.
To configure Earthly to use an insecure registry, use the following Earthly config settings.
1
global:
2
buildkit_additional_config: |
3
[registry."<registry-hostname>"]
4
http = true
5
insecure = true
Copied!
In addition, you will need to specify the --insecure flag in any SAVE IMAGE command.
1
FROM alpine:3.13
2
​
3
build:
4
RUN echo "Hello from Earthly!" > motd
5
ENTRYPOINT cat motd
6
SAVE IMAGE --push --insecure <registry-hostname>/hello-earthly:with-love
Copied!

Other BuildKit options

Other settings for configuring registries in Earthly via BuildKit options can be seen below.
1
global:
2
buildkit_additional_config: |
3
[registry."<registry-hostname>"]
4
mirrors = ["<mirror>"]
5
http = true|false
6
insecure = true|false
7
ca=["<ca-path-pem>"]
8
[[registry."<registry-hostname>".keypair]]
9
key="<key-path-pem>"
10
cert="<cert-path-pem>"
Copied!
Last modified 7mo ago