0
votes

I'm trying to setup a Kubernetes system in our lab at work. I have gone through all the steps, but fail when trying to do the kubeadm.

It appears to be an issue with pulling the images:

[root@kubemaster ~]# kubeadm config images pull --kubernetes-version=v1.11.2 failed to pull image "k8s.gcr.io/kube-apiserver-amd64:v1.11.2": exit status 1

I am able to pull Docker images such as hello-world, Ubuntu, and CentOS without issue.

I believe this may be a proxy issue or something like that as I had to add the --kubernetes-version tag since I was getting X.509 errors when trying to install otherwise.

If I try to pull the Kubernetes images with Docker I get the following:

[root@kubemaster ~]# docker pull k8s.gcr.io/kube-apiserver-amd64:v1.11.2 v1.11.2: Pulling from kube-apiserver-amd64 8c5a7da1afbc: Pulling fs layer 5d75b555908b: Pulling fs layer error pulling image configuration: Get https://storage.googleapis.com/us.artifacts.google-containers.appspot.com/containers/images/sha256:821507941e9c72afd5df91ddb3dceea58ea31a8e3895a06df794c0fd785edae2: x509: certificate signed by unknown authority

Any help would be appreciated.

Thanks, Doug

1

1 Answers

1
votes

There are 2 possibilities why you have problem with trust for official google's site:

  1. Your company is doing man-in-the-middle by decrypting your traffic and dynamically issuing self-signed certificate for Google domains which you want to access from within your company's network
  2. You don't have Google certificates placed in CA files directory on OS where you want to pull images - it means that somebody deleted that cert because of something.

In both cases you should download Google CA cert and place it in your trusted certificates in system where you want to run Kubernetes - more info for Ubuntu: https://askubuntu.com/questions/645818/how-to-install-certificates-for-command-line