All geek questions in one place

Obtaining "x509: certificate signed by an unknown authority", even with the option "insinsure-skip-tls-verify" in Kubernetes

I have a personal registry of Docker images running on a Linux virtual machine (10.78.0.228Point000), and a Kubernetes wizard running on another virtual machine running Centos Linux 7.

I used the command below to create a POD:
kubectl create --insecure-skip-tls-verify -f monitorms-rc.yml

I get this:

sample monitorms-mmqhm 0/1 ImagePullBackOff 0 8m

and after launch: kubectl describe pod monitorms-mmqhm --namespace=sample

Warning Failed to get image "10.78.0.228►000/monitorms": Error response from daemon: {"message": "Receive https ://10.78.0.228►000/v1/_ping: x509: certificate signed by unknown authority"}

Shouldn't Kubernetes ignore the server certificate for all operations during POD creation when --insecure-skip-tls-verify ?

If not, then how do I get it to ignore the tls check when extracting the docker image?

PS:

Kubernetes version:

Client Version: v1.5.2 Server Version: v1.5.2

I raised this problem here: https://github.com/kubernetes/kubernetes/issues/43924

+7
source share
1 answer

The problem you see is actually a docker problem. Using --insecure-skip-tls-verify is a valid argument for kubectl , but it only deals with the connection between kubectl and the kubernetes API server. The error you actually see is because the docker daemon cannot enter the personal registry, because the certificate that it uses is unsigned.

Look at the unprotected Docker registry documents and this should fix your problem.

+6
source

Source: https://habr.com/ru/post/1266188/

More articles:


All Articles