Using minikube to pull image from local Docker registry (with self-signed CA certificate)





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}







0















Using minikube to pull image from local Docker registry (with self-signed CA certificate)



I'd like to be able to run minikube so that it can access a local docker registry using a self signed CA certificate. Ideally the process should be automated so that I can use a *deployment.yaml file to pull the required image without intervention.



At the moment I'm using a workaroud as follows:



#ssh into the minikube instance

sudo minikube ssh

#create a folder for the certificate

sudo mkdir /etc/docker/certs.d/dave.local:5000

#copy the crt file from the registry computer to the minikube instance

sudo scp user@192.168.1.2:/home/dave/certs/domain.crt /etc/docker/certs.d/dave.local:5000

#then check login

docker login dave.local:5000

#then pull image so that it's already in minikube

docker pull dave.local:5000/davedockerimage


I then edit the *deployment.yaml with imagePullPolicy: Never . When I then run sudo kubectl create -f dave-deployment.yamlit finds dave.local:5000/davedockerimagelocally on minikube it uses the already pulled image.



If imagePullPolicy: Always . The image pull fails in minikube.



I've been through a range of tutorials/stack overflow answers and have been unable to crack this. Any help appreciated.






docker kubernetes minikube







share|improve this question

























  • How does it fail? If you need to docker login, does adding an appropriate imagePullSecret: help?

    – David Maze
    Jan 4 at 17:03











  • I've tried using imagePullSecret: and that seems to work, but I get an issue with the certificate Failed to pull image "dave.local:5000/davedockerimage": rpc error: code = Unknown desc = Error response from daemon: Get https://dave.local:5000/v2/: x509: certificate signed by unknown authority

    – tmn103
    Jan 4 at 17:26













  • Once you moved the certs to /etc/docker/certs.d/dave.local:5000 did you reload docker daemon to use the certificate?

    – Sujay Pillai
    Jan 4 at 18:00











  • No, I didn't have to restart docker

    – tmn103
    Jan 4 at 18:11


















0















Using minikube to pull image from local Docker registry (with self-signed CA certificate)



I'd like to be able to run minikube so that it can access a local docker registry using a self signed CA certificate. Ideally the process should be automated so that I can use a *deployment.yaml file to pull the required image without intervention.



At the moment I'm using a workaroud as follows:



#ssh into the minikube instance

sudo minikube ssh

#create a folder for the certificate

sudo mkdir /etc/docker/certs.d/dave.local:5000

#copy the crt file from the registry computer to the minikube instance

sudo scp user@192.168.1.2:/home/dave/certs/domain.crt /etc/docker/certs.d/dave.local:5000

#then check login

docker login dave.local:5000

#then pull image so that it's already in minikube

docker pull dave.local:5000/davedockerimage


I then edit the *deployment.yaml with imagePullPolicy: Never . When I then run sudo kubectl create -f dave-deployment.yamlit finds dave.local:5000/davedockerimagelocally on minikube it uses the already pulled image.



If imagePullPolicy: Always . The image pull fails in minikube.



I've been through a range of tutorials/stack overflow answers and have been unable to crack this. Any help appreciated.






docker kubernetes minikube







share|improve this question

























  • How does it fail? If you need to docker login, does adding an appropriate imagePullSecret: help?

    – David Maze
    Jan 4 at 17:03











  • I've tried using imagePullSecret: and that seems to work, but I get an issue with the certificate Failed to pull image "dave.local:5000/davedockerimage": rpc error: code = Unknown desc = Error response from daemon: Get https://dave.local:5000/v2/: x509: certificate signed by unknown authority

    – tmn103
    Jan 4 at 17:26













  • Once you moved the certs to /etc/docker/certs.d/dave.local:5000 did you reload docker daemon to use the certificate?

    – Sujay Pillai
    Jan 4 at 18:00











  • No, I didn't have to restart docker

    – tmn103
    Jan 4 at 18:11














0












0








0








Using minikube to pull image from local Docker registry (with self-signed CA certificate)



I'd like to be able to run minikube so that it can access a local docker registry using a self signed CA certificate. Ideally the process should be automated so that I can use a *deployment.yaml file to pull the required image without intervention.



At the moment I'm using a workaroud as follows:



#ssh into the minikube instance

sudo minikube ssh

#create a folder for the certificate

sudo mkdir /etc/docker/certs.d/dave.local:5000

#copy the crt file from the registry computer to the minikube instance

sudo scp user@192.168.1.2:/home/dave/certs/domain.crt /etc/docker/certs.d/dave.local:5000

#then check login

docker login dave.local:5000

#then pull image so that it's already in minikube

docker pull dave.local:5000/davedockerimage


I then edit the *deployment.yaml with imagePullPolicy: Never . When I then run sudo kubectl create -f dave-deployment.yamlit finds dave.local:5000/davedockerimagelocally on minikube it uses the already pulled image.



If imagePullPolicy: Always . The image pull fails in minikube.



I've been through a range of tutorials/stack overflow answers and have been unable to crack this. Any help appreciated.






docker kubernetes minikube







share|improve this question
















Using minikube to pull image from local Docker registry (with self-signed CA certificate)



I'd like to be able to run minikube so that it can access a local docker registry using a self signed CA certificate. Ideally the process should be automated so that I can use a *deployment.yaml file to pull the required image without intervention.



At the moment I'm using a workaroud as follows:



#ssh into the minikube instance

sudo minikube ssh

#create a folder for the certificate

sudo mkdir /etc/docker/certs.d/dave.local:5000

#copy the crt file from the registry computer to the minikube instance

sudo scp user@192.168.1.2:/home/dave/certs/domain.crt /etc/docker/certs.d/dave.local:5000

#then check login

docker login dave.local:5000

#then pull image so that it's already in minikube

docker pull dave.local:5000/davedockerimage


I then edit the *deployment.yaml with imagePullPolicy: Never . When I then run sudo kubectl create -f dave-deployment.yamlit finds dave.local:5000/davedockerimagelocally on minikube it uses the already pulled image.



If imagePullPolicy: Always . The image pull fails in minikube.



I've been through a range of tutorials/stack overflow answers and have been unable to crack this. Any help appreciated.






docker kubernetes minikube




docker kubernetes minikube






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 4 at 17:02









David Maze

16.5k31632




16.5k31632










asked Jan 4 at 17:00









tmn103tmn103

5610




5610













  • How does it fail? If you need to docker login, does adding an appropriate imagePullSecret: help?

    – David Maze
    Jan 4 at 17:03











  • I've tried using imagePullSecret: and that seems to work, but I get an issue with the certificate Failed to pull image "dave.local:5000/davedockerimage": rpc error: code = Unknown desc = Error response from daemon: Get https://dave.local:5000/v2/: x509: certificate signed by unknown authority

    – tmn103
    Jan 4 at 17:26













  • Once you moved the certs to /etc/docker/certs.d/dave.local:5000 did you reload docker daemon to use the certificate?

    – Sujay Pillai
    Jan 4 at 18:00











  • No, I didn't have to restart docker

    – tmn103
    Jan 4 at 18:11



















  • How does it fail? If you need to docker login, does adding an appropriate imagePullSecret: help?

    – David Maze
    Jan 4 at 17:03











  • I've tried using imagePullSecret: and that seems to work, but I get an issue with the certificate Failed to pull image "dave.local:5000/davedockerimage": rpc error: code = Unknown desc = Error response from daemon: Get https://dave.local:5000/v2/: x509: certificate signed by unknown authority

    – tmn103
    Jan 4 at 17:26













  • Once you moved the certs to /etc/docker/certs.d/dave.local:5000 did you reload docker daemon to use the certificate?

    – Sujay Pillai
    Jan 4 at 18:00











  • No, I didn't have to restart docker

    – tmn103
    Jan 4 at 18:11

















How does it fail? If you need to docker login, does adding an appropriate imagePullSecret: help?

– David Maze
Jan 4 at 17:03





How does it fail? If you need to docker login, does adding an appropriate imagePullSecret: help?

– David Maze
Jan 4 at 17:03













I've tried using imagePullSecret: and that seems to work, but I get an issue with the certificate Failed to pull image "dave.local:5000/davedockerimage": rpc error: code = Unknown desc = Error response from daemon: Get https://dave.local:5000/v2/: x509: certificate signed by unknown authority

– tmn103
Jan 4 at 17:26







I've tried using imagePullSecret: and that seems to work, but I get an issue with the certificate Failed to pull image "dave.local:5000/davedockerimage": rpc error: code = Unknown desc = Error response from daemon: Get https://dave.local:5000/v2/: x509: certificate signed by unknown authority

– tmn103
Jan 4 at 17:26















Once you moved the certs to /etc/docker/certs.d/dave.local:5000 did you reload docker daemon to use the certificate?

– Sujay Pillai
Jan 4 at 18:00





Once you moved the certs to /etc/docker/certs.d/dave.local:5000 did you reload docker daemon to use the certificate?

– Sujay Pillai
Jan 4 at 18:00













No, I didn't have to restart docker

– tmn103
Jan 4 at 18:11





No, I didn't have to restart docker

– tmn103
Jan 4 at 18:11












1 Answer
1






active

oldest

votes


















0














As a alternative for using self signed certificate in minikube you can start minikube with insecure-registry option like below:



minikube start --insecure-registry="dave.local:5000"





share|improve this answer
























  • I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

    – tmn103
    Jan 4 at 18:13












Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54043190%2fusing-minikube-to-pull-image-from-local-docker-registry-with-self-signed-ca-cer%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









0














As a alternative for using self signed certificate in minikube you can start minikube with insecure-registry option like below:



minikube start --insecure-registry="dave.local:5000"





share|improve this answer
























  • I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

    – tmn103
    Jan 4 at 18:13
















0














As a alternative for using self signed certificate in minikube you can start minikube with insecure-registry option like below:



minikube start --insecure-registry="dave.local:5000"





share|improve this answer
























  • I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

    – tmn103
    Jan 4 at 18:13














0












0








0







As a alternative for using self signed certificate in minikube you can start minikube with insecure-registry option like below:



minikube start --insecure-registry="dave.local:5000"





share|improve this answer













As a alternative for using self signed certificate in minikube you can start minikube with insecure-registry option like below:



minikube start --insecure-registry="dave.local:5000"






share|improve this answer












share|improve this answer



share|improve this answer










answered Jan 4 at 18:00









Hansika Madushan WeerasenaHansika Madushan Weerasena

634416




634416













  • I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

    – tmn103
    Jan 4 at 18:13



















  • I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

    – tmn103
    Jan 4 at 18:13

















I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

– tmn103
Jan 4 at 18:13





I tried that previously, but the pull failed as it then looked for http://dave.local:5000/ rather than https://dave.local:5000/

– tmn103
Jan 4 at 18:13




















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54043190%2fusing-minikube-to-pull-image-from-local-docker-registry-with-self-signed-ca-cer%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Monofisismo

Image
Monofisismo (do grego: monos - "único, singular" e physis - "natureza") é o ponto de vista cristológico que defende que, depois da união do divino e do humano na encarnação histórica, Jesus Cristo, como encarnação do Filho ou Verbo ( Logos ) de Deus, teria apenas uma única "natureza", a divina, e não uma síntese de ambas. O monofisismo é contraposto pelo diofisismo (ou "diafisismo"), que defende que Jesus preservou em si as duas naturezas. Historicamente, o monofisismo se refere primordialmente à posição dos que (especialmente no Egito e, em menor grau, na Síria) rejeitaram as decisões do Concílio de Calcedônia em 451 (o quarto concílio ecumênico). Os membros mais moderados entre eles, porém, defendem a teologia "miafisita", que se tornou a oficial para as Igrejas Ortodoxas Orientais. Muitos ortodoxos orientais, porém, rejeitam essa classificação, mesmo como um termo genérico, mas ele é amplamente utilizado na literatura históri...
Read more

Angular Downloading a file using contenturl with Basic Authentication

Image
0 I have a contentUrl when user clicks on that,file should be downloaded. If I try to browse the contentUrl in the browser it asks for Userid and password.I believe this is Basic Authentication.I dont want user to enter UserId and Password so I am passing it Authorization(Please see below code). Url looks some thing like this: http://XXX.XXX.XX.XXX:8080/flowable-rest/service/runtime/tasks/90875/attachments/90555/content let username : string = 'admin'; let pwd : string = 'test'; let headers = new Headers(); headers.set('Accept', 'text/json'); headers.append('Content-Type', 'application/json'); headers.set('Access-Control-Allow-Origin', '*'); headers.set('Access-Control-Allow-Methods','POST, GET, OPTIONS, PUT, DELETE'); head...
Read more

Olmecas

Image
Monumento 1, uma das quatro cabeças colossais encontradas em La Venta, com altura aproximada de 3 metros Olmecas é a designação do povo e da civilização que estiveram na origem da antiga cultura pré-colombiana da Mesoamérica e que se desenvolveram nas regiões tropicais do centro-sul do atual México durante o pré-clássico, próximo de onde hoje estão localizados os estados mexicanos de Veracruz e Tabasco, no Istmo de Tehuantepec, numa zona designada área nuclear olmeca. A cultura olmeca floresceu nesta região aproximadamente entre 1500 e 400 a.C., [ 1 ] e crê-se que tenha sido a civilização-mãe de todas as civilizações mesoamericanas que se desenvolveram posteriormente. [ 2 ] No entanto, desconhece-se a sua exacta filiação étnica, ainda que existam numerosas hipóteses colocadas para tentar resolver esta questão. O etnónimo olmeca foi cunhado pelos arqueólogos do século XX, e não devem confundir-se com os muito posteriores olmecas-xicalancas que ocuparam vários locais do México...
Read more