-
1. Re: VIO Kubernetes and private docker registry certificate
daphnissov Mar 8, 2019 8:33 AM (in response to fduranti)Does your registry have this root CA cert added to its trust store? If not, you need to do that because the error message presented suggests there is no trust for what your nodes are presenting. Note that I'm not familiar with VIO so I can't help with that angle.
-
2. Re: VIO Kubernetes and private docker registry certificate
fduranti Mar 8, 2019 8:53 AM (in response to daphnissov)The problem is that I'm not a kubernetes expert, just trying to get something up to understand how it work. My registry have the correct CA configured, I already use it from other docker machines.
From the VIO Kubernetes virtual appliance (the one used to deploy kubernetes cluster) I've configured my corporate ca correctly and I can login with docker on my registry without any problem.
The problem is when i try to deploy a pod with images on this registry.
I think that in this case the machine trying to get the image are the "kubernetes nodes" that don't have my corporate ca in the trusted ca or in the /etc/docker/certs.d/registryserver/ directory.
I'm trying to understand how to push a certificate on the kubernetes nodes/master virtual machine but I don't know how to login on those or if there's any command to do it on the management.
-
3. Re: VIO Kubernetes and private docker registry certificate
fduranti Mar 10, 2019 7:27 AM (in response to fduranti)I've found a site with some instruction on how to connect to the various nodes.
From the vio for kubernetes management machine:
vkube login --insecure
vkube cluster list --insecure
Make a note of the Cluster ID of the cluster you want to access
vkube cluster show <Cluster ID> --insecure
Make a note of the IP of the Master and Worker Nodes.
docker exec -it app-api /bin/bash
cd /var/lib/vrc/terraform/<ClusterID>
ssh -i private.key -F ssh-bastion.conf ubuntu@Kubernetes_Host_IP_Address