Some blatherings by Keith Ball

View my projects on GitHub

How to add a private docker registry to k8s

19 Oct 2016

If you are getting problem with ImagePullBackOff and the detailed error:

Failed to pull image “{MYREPO/myservice}”: Error response from daemon: {“message”:”Get https://{SERVER}:{PORT}/v1/_ping: x509: certificate signed by unknown authority”}

There are a couple of things you can do. The easy way:

vi /etc/docker/daemon.json
  "insecure-registries": ["{SERVER}:{PORT}"]
systemctl restart docker

Or add the certifcate to the trusted list. This example is for ubuntu.

Add the secret

kubectl create secret docker-registry dockerkey --docker-username={USER} --docker-password={PASSWORD} --docker-email=r{EMAIL} --docker-server={SERVER}:{PORT}

On the hosts get the self signed cert (if needed):

ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect {SERVER}:{PORT}) -scq > cert.crt

Add the cert to the list.

cp dev-reg.crt /usr/local/share/ca-certificates

Update the ca-certificates.

List catalog:

sudo update-ca-certificates

Check the cert is trusted:

curl https://{SERVER}:{PORT}