That's not quite true, you just need to add the `insecure-registries`[1] option with a list of either IP (or ip ranges) or hostnames that you want to allow without TLS.
reply```/etc/docker/daemon.json
{
"insecure-registries": ["10.100.0.0/24", "registry.yourmom.example.com:5000"]
}
[1] https://docs.docker.com/reference/cli/dockerd/#insecure-regi...
Yes this is true. I should caveat that we distributed the tool among a team and we didn't want to ask them to all edit their daemon.json with an ever-expanding list of IP addresses.
replyThis is really useful as you don't have to add an entry under insecure-registries for local registries that don't have valid certificates.
replyYou might as well handover the images to hackers.
replyiirc there's a setting to allow docker to trust and use http registries
replyi set it up a few years ago for my homelab
Which makes me think that I have never heard of signed images/artefacts
reply