-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OpenShift 4.1 Docker login internal registry error: x509: certificate signed by unknown authority #23902
Comments
Since you're exposing via the default route, the registry uses the certificates configured by the ingress operator. Out of the box, the ingress operator uses a self-signed certificate. You have a few options:
[1] https://docs.openshift.com/container-platform/4.1/networking/ingress-operator.html#nw-ingress-setting-a-custom-default-certificate_configuring-ingress /close |
@adambkaplan: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@chrisc66 was asking where to get the Edited: It seems that most service accounts in Kubernetes/Openshift have access to the root certificates via their secrets. So you can create your own secret for a service account and mount it to a pod:
You may also need to run the |
I have an OpenShift 4.1 cluster installed recently. I am trying to access OpenShift cluster internal docker registry. It is a 3 master, 5 worker nodes cluster. I am having trouble with finding internal registry certificate.
Version: OpenShift 4.1
Steps To Reproduce
kubeadmin
) credentialsCurrent Result
Expected Result
Additional Information
I found that there is no internal registry certificate under
/etc/docker/certs.d
. So I added a/etc/docker/certs.d/default-route-openshift-image-registry.apps.tariff.os.fyre.ibm.com
directory. Where and how should I get theca.crt
file?The text was updated successfully, but these errors were encountered: