How to add a private docker registry to k8s
If you are getting ImagePullBackOff with this detailed error:
Failed to pull image "{MYREPO/myservice}": Error response from daemon: {"message":"Get https://{SERVER}:{PORT}/v1/_ping: x509: certificate signed by unknown authority"}
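There are a couple of things you can do. The easy way (Docker then skips certificate verification for that registry and falls back to plain HTTP if HTTPS fails):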
vi /etc/docker/daemon.json
{
"insecure-registries": ["{SERVER}:{PORT}"]
}
systemctl restart docker
Or add the certificate to the trusted list. This example is for Ubuntu.
Add the secret
kubectl create secret docker-registry dockerkey --docker-username={USER} --docker-password={PASSWORD} --docker-email={EMAIL} --docker-server={SERVER}:{PORT}
On the hosts, get the self-signed cert (if needed):
ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect {SERVER}:{PORT}) -scq > dev-reg.crt
Add the cert to the list.
sudo cp dev-reg.crt /usr/local/share/ca-certificates
Update the ca-certificates:
sudo update-ca-certificates
List catalog:
Check the cert is trusted:
curl https://{SERVER}:{PORT}
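The fetch step above trusts whatever certificate the network returns. As an added example (not part of the original page), the script below installs the certificate only when its SHA-256 fingerprint matches one obtained out of band. The function names are hypothetical, and the expected fingerprint is assumed to come from the registry's administrator.

```bash
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.
# Assumption: EXPECTED_FP was obtained out of band (e.g. from the registry admin).

# Strip any "sha256 Fingerprint=" prefix, colons and whitespace; upper-case hex.
normalize_fp() {
  printf '%s' "$1" | sed -e 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# SHA-256 fingerprint of a PEM certificate file.
cert_fp() {
  normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256)"
}

# Succeeds only when both fingerprints are equal after normalisation.
# An empty first argument (e.g. the fetch failed) never matches.
fp_matches() {
  [ -n "$1" ] && [ "$(normalize_fp "$1")" = "$(normalize_fp "$2")" ]
}

# Fetch the certificate the registry presents; $1 is {SERVER}:{PORT}.
fetch_cert() {
  openssl s_client -connect "$1" -servername "${1%%:*}" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# Usage: install_pinned_cert {SERVER}:{PORT} EXPECTED_FP dev-reg
install_pinned_cert() {
  tmp=$(mktemp) || return 1
  if fetch_cert "$1" >"$tmp" && fp_matches "$(cert_fp "$tmp")" "$2"; then
    # Same install steps as on the page: copy into the CA directory, then update.
    sudo install -m 0644 "$tmp" "/usr/local/share/ca-certificates/$3.crt" &&
      sudo update-ca-certificates
    rc=$?
  else
    echo "fingerprint mismatch for $1: certificate not installed" >&2
    rc=1
  fi
  rm -f "$tmp"
  return "$rc"
}
```

The expected fingerprint can be produced on the registry host itself with openssl x509 -noout -fingerprint -sha256 against the certificate file it serves.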