I want to enroll the root CA certificate with the Kubernetes API

Asked 2 years ago, Updated 2 years ago, 95 views

I am building a kubernetes environment with microk8s on a physical server.
In order to build a docker registry pod in the environment and pull and deploy a custom image directly into Kubernetes, it was necessary to communicate with the kubernetes
Therefore, I set up an environment in which a step-ca pod acts as a CA server and automatically issues certificates to the Docker registry, but I don't know how to make the Kubernetes API look at the CA root certificate.

I have read the following document, but although the situation is close, I cannot apply it because it is the root certificate of the CA that I want to enroll.
https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/

$ kubectl version
Client Version: version.Info {Major:"1", Minor:"23", GitVersion:"v1.23.3", GitCommit:"816c97ab8cff8a1c72ecca1026f7820e93e0d25", GitTreeState:"clean", BuildDate:"2022-01-25T21:25", CompformVersion:17"GettingVersion:"
Server Version: version.Info {Major:"1", Minor: "23+", GitVersion: "v1.23.4-2+98fc2022f3ad3e", GitCommit: "98fc2022f3ad3e02b6e01f0a87c0975d41207e", GitTreeState: "clean", BuildDate:14:54" GoZers:14:54

step-ca version

smallstep/step-ca: 0.18.1

docker registry version

registry: 2.8.0

Deployment Log

Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  66s                default-scheduler  Successfully assigned develop/load-custom-img-dep-76d545bc7-ktsmz to myhost
  Normal   Pulling    26s (x3 over 65s)  kubelet            Pulling image "192.168.1.31:30050/custom-image:latest"
  Warning  Failed     26s (x3 over 65s)  kubelet            Failed to pull image "192.168.1.31:30050/custom-image:latest": rpc error: code = Unknown desc = failed to pull and unpack image "192.168.1.31:30050/custom-image:latest": failed to resolve reference "192.168.1.31:30050/custom-image:latest": failed to do request: Head "https://192.168.1.31:30050/v2/custom-image/manifests/latest": x509: certificate signed by unknown authority
  Warning  Failed     26s (x3 over 65s)  kubelet            Error: ErrImagePull
  Normal   BackOff    13s (x4 over 64s)  kubelet            Back-off pulling image "192.168.1.31:30050/custom-image:latest"
  Warning  Failed     13s (x4 over 64s)  kubelet            Error: ImagePullBackOff

In addition to the certificate registration method, I am still not familiar with SSL/TLS, so please let me know if there are any mistakes in understanding or methodology.
Thank you for your cooperation.

docker ssl kubernetes

2022-09-30 19:22

1 Answer

I think there is a problem with your SSL validation!
See this:
https://stackoverflow.com/questions/72546045/getting-x509-certificate-signed-by-unknown-authority-error-while-verifying-c


2022-09-30 19:22
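
The Events log in the question shows the pull failing inside the node's container runtime (kubelet reports "failed to pull and unpack image"), so the root CA has to be trusted by containerd on the node rather than enrolled through the Kubernetes certificates API. The following is an added example, not part of the original question or answer: a shell function that installs a root CA for one registry using containerd's per-registry hosts.toml layout while leaving TLS verification on. It assumes MicroK8s 1.23 or later keeps that directory at /var/snap/microk8s/current/args/certs.d; the names write_registry_trust and root_ca.crt are hypothetical.

```shell
#!/bin/sh
# Added example: make containerd (as shipped with MicroK8s) trust a private
# root CA for a single registry. Assumption: the step-ca root certificate has
# already been exported to a PEM file on the node.

# write_registry_trust CERTS_DIR REGISTRY CA_PEM
# Creates CERTS_DIR/REGISTRY/ca.crt and hosts.toml; non-zero return on bad input.
write_registry_trust() {
    certs_dir=$1 registry=$2 ca_pem=$3

    # Accept only a readable PEM certificate, never a key or a DER file.
    [ -r "$ca_pem" ] || { echo "cannot read $ca_pem" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_pem" ||
        { echo "$ca_pem is not a PEM certificate" >&2; return 2; }
    if grep -q -- 'PRIVATE KEY-----' "$ca_pem"; then
        echo "$ca_pem contains a private key; install the certificate only" >&2
        return 3
    fi

    dest=$certs_dir/$registry
    mkdir -p "$dest" || return 4
    cp "$ca_pem" "$dest/ca.crt" && chmod 0644 "$dest/ca.crt" || return 4

    # "ca" adds a trusted root for this registry host only; certificate
    # verification is not skipped.
    cat > "$dest/hosts.toml" <<EOF
server = "https://$registry"

[host."https://$registry"]
  capabilities = ["pull", "resolve"]
  ca = "$dest/ca.crt"
EOF
}

# Typical use on the node, with the registry address from the Events log
# (root_ca.crt is a hypothetical file name for the exported step-ca root):
#   write_registry_trust /var/snap/microk8s/current/args/certs.d \
#       192.168.1.31:30050 ./root_ca.crt
```
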
