I am practicing Kubernetes using minikube.
I made a docker-registry pod and created a docker-registry service.
Edit /etc/docker/daemon.json:
{
"insecure-registries":["192.168.99.100:30050"]
}
Edit openssl.conf:
[v3_req]
subjectAltName = IP:192.168.99.100
And I made the certificate:
openssl genrsa -out my.key
openssl req -x509 -new -nodes -key my.key -subj "CN=192.168.99.100:30050" -days 5000 -out my.crt
Create registry-tls-secret:
kubectl create secret generic registry-tls-secret --from-file=my.crt=my.crt --from-file=my.key=my.key
Then I made a directory and copied the my.crt file into it:
/etc/docker/certs.d/192.168.99.100:30050
So I can push & pull 192.168.99.100:30050/[image]:[tag] on the host.
After that I tried to create hello-world pods.
The hello-world image is already in the docker-registry (192.168.99.100:30050).
I created the docker-registry secret regcred:
kubectl create secret docker-registry regcred --docker-server=192.168.99.100:30050 --docker-username=<user-name> --docker-password=<user-password> --docker-email=<user-email>
and wrote helloworld-deployment.yaml:
...
image: 192.168.99.100:30050/hello-world:v1
...
imagePullSecrets:
- name: regcred
...
Finally I applied helloworld-deployment.yaml, but I got this error message:
Failed to pull image "192.168.99.100:30050/hello-world:v1": rpc error: code = Unknown desc = Error response from daemon: Get https://192.168.99.100:30050/v2/: x509: certificate signed by unknown authority
I don't really know what I'm missing... please help me...
There is no standard for storing a port number in the certificate, so the Common Name of the certificate should not contain a port. Create the certificate with CN=192.168.99.100 and repeat the same steps. For more information on common name refer here.
Make sure you copy the certificate data to /etc/docker/certs.d/192.168.99.100:30050/ca.crt.
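Docker is written in Go and the error text in the question comes from Go's crypto/x509 verifier, so the effect of a trusted ca.crt and of the IP subjectAltName can be reproduced with that library directly. This is an added example, not part of the original post: `must`, `selfSigned` and `check` are hypothetical helpers, and the certificates are constructed in memory rather than being the asker's my.crt.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSigned builds a throwaway self-signed cert (constructed sample); ips become IP SANs.
func selfSigned(cn string, ips ...net.IP) *x509.Certificate {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour),
		IPAddresses: ips,
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der))
}

// check verifies cert for host, trusting only the listed certs (the role ca.crt plays).
func check(cert *x509.Certificate, host string, trusted ...*x509.Certificate) error {
	roots := x509.NewCertPool()
	for _, c := range trusted {
		roots.AddCert(c)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err
}

func main() {
	good := selfSigned("192.168.99.100", net.ParseIP("192.168.99.100"))
	portCN := selfSigned("192.168.99.100:30050") // CN with port, no IP SAN
	fmt.Println("IP SAN, untrusted:", check(good, "192.168.99.100"))
	fmt.Println("IP SAN, trusted:", check(good, "192.168.99.100", good))
	fmt.Println("CN with port, trusted:", check(portCN, "192.168.99.100", portCN))
}
```

The first call returns the same `certificate signed by unknown authority` error as in the question, and it goes away once the certificate is in the trusted pool. The third call fails on the identity check even though the certificate is trusted, because Go matches an IP address against IP SANs only and reads nothing from a CN that carries a port.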