You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 8, 2023. It is now read-only.
I created a four node + master cluster with the build k3OS v0.2.2-rc2 ISO image. I installed via HelmChart cert-manager and created also a local registry. Upload works, but if I create a pod:
Failed to pull image "registry.example.local/myapps/my-service-a-app:1.0.0": rpc error: code = Unknown desc = failed to resolve image "registry.example.local/myapps/my-service-a-app:1.0.0": no available registry endpoint: failed to do request: Head https://registry.example.local/v2/myapps/my-service-a-app/manifests/1.0.0: x509: certificate signed by unknown authority
I thought: if I get the cert-manger working (with Hashicorp Vault PKI backend), than my local CA is trusted too, but it seems not.
So my question is: what I have to do, that my local CA is trusted ?
I found /etc/ssl/certs/ca-certificates.crt and added my local CA, but maybe, its the wrong way to do it.
any suggestions ?
cu denny
The text was updated successfully, but these errors were encountered:
Reboot the node for the new config to write the cert and for it to take effect. You should now be able to pull from an HTTPS registry that was issued a certificate by the CA with that CA cert.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
hi,
I created a four node + master cluster with the build k3OS v0.2.2-rc2 ISO image. I installed via HelmChart cert-manager and created also a local registry. Upload works, but if I create a pod:
I thought: if I get the cert-manger working (with Hashicorp Vault PKI backend), than my local CA is trusted too, but it seems not.
So my question is: what I have to do, that my local CA is trusted ?
I found /etc/ssl/certs/ca-certificates.crt and added my local CA, but maybe, its the wrong way to do it.
any suggestions ?
cu denny
The text was updated successfully, but these errors were encountered: