I'm having a problem with VIO Kubernetes 4.1 when trying to use a private internal docker registry with a certificate signed by my internal domain CA.
I've deployed a Kubernetes cluster directly in SDDC mode on my vCenter.
I've changed the Kubernetes API server cluster certificate with one signed internally by my CA.
When I deploy something on the cluster from my internal registry I get an error:
Error syncing pod
I suppose that I should copy my CA configuration to all Kubernetes nodes, but I'm not sure how to do it and it seems I cannot find any guide for it.
Does your registry have this root CA cert added to its trust store? If not, you need to do that because the error message presented suggests there is no trust for what your nodes are presenting. Note that I'm not familiar with VIO so I can't help with that angle.
The problem is that I'm not a Kubernetes expert, just trying to get something up to understand how it works. My registry has the correct CA configured; I already use it from other Docker machines.
From the VIO Kubernetes virtual appliance (the one used to deploy the Kubernetes cluster) I've configured my corporate CA correctly and I can log in with Docker on my registry without any problem.
The problem is when I try to deploy a pod with images on this registry.
I think that in this case the machines trying to get the image are the "Kubernetes nodes", which don't have my corporate CA in the trusted CAs or in the /etc/docker/certs.d/registryserver/ directory.
I'm trying to understand how to push a certificate to the Kubernetes node/master virtual machines, but I don't know how to log in on those or if there's any command to do it from the management machine.
I've found a site with some instructions on how to connect to the various nodes.
From the VIO for Kubernetes management machine:
vkube login --insecure
vkube cluster list --insecure
Make a note of the Cluster ID of the cluster you want to access.
vkube cluster show <Cluster ID> --insecure
Make a note of the IPs of the Master and Worker Nodes.
docker exec -it app-api /bin/bash
cd /var/lib/vrc/terraform/<ClusterID>
ssh -i private.key -F ssh-bastion.conf ubuntu@Kubernetes_Host_IP_Address
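An added example, not part of the thread and not VMware's tooling: a shell helper that could be run on each node once the SSH session above is open. It checks that the file really is an unexpired CA certificate before placing it at /etc/docker/certs.d/<registry>/ca.crt, the per-registry trust directory mentioned in the post. The function names and the registry name registry.example.internal:5000 are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example; function names and sample registry name are constructed.
# Docker trusts a private registry's CA when it is stored as
#   /etc/docker/certs.d/<registry host[:port]>/ca.crt

# install_registry_ca <ca.pem> <registry host[:port]> [root prefix, default ""]
install_registry_ca() {
    local ca_file="$1" registry="$2" root="${3:-}"
    local dest_dir="${root}/etc/docker/certs.d/${registry}"

    [ -r "$ca_file" ] || { echo "cannot read $ca_file" >&2; return 2; }

    # Refuse anything that does not parse as an X.509 certificate.
    openssl x509 -in "$ca_file" -noout 2>/dev/null ||
        { echo "$ca_file is not a PEM certificate" >&2; return 3; }

    # Refuse leaf certificates: a trust anchor must carry CA:TRUE.
    openssl x509 -in "$ca_file" -noout -text | grep -q 'CA:TRUE' ||
        { echo "$ca_file is not a CA certificate" >&2; return 4; }

    # Refuse a certificate that has already expired.
    openssl x509 -in "$ca_file" -noout -checkend 0 >/dev/null ||
        { echo "$ca_file has expired" >&2; return 5; }

    mkdir -p "$dest_dir" && install -m 0644 "$ca_file" "$dest_dir/ca.crt"
}

# verify_registry_chain <ca.pem> <registry server cert.pem>
# Succeeds only if the server certificate chains to the given CA, which
# confirms the right CA is being distributed before touching every node.
verify_registry_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Typical use on a node (needs root to write under /etc/docker):
#   install_registry_ca corp-ca.crt registry.example.internal:5000
```

The optional third argument lets the install be rehearsed against a scratch directory before writing under /etc/docker on a real node.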