I am gettix x509 certificate issue when AKS is trying to pull docker image from my private repository secured with LetsEncrypt certificate. How can I menage certificate store in AKS to add CA of my certificate etc.
0
votes
I'd guess you'd need a daemonset on aks nodes to modify certificate store. but I'm not sure why that is needed, LE certificates are trusted. can you share the actual error and whatever you are doing to get it?
– 4c74356b41
kubelet Failed to pull image "my registry/my-image:lts": rpc error: code = Unknown desc = Error response from daemon: Get my registry/v2/: x509: certificate signed by unknown authority
– Antu
Please paste exact error and logs from below answer to your post and also provide more details about environment are you working on and yaml files (deployment, service). If you are using specific tutorial please provide link to it.
– Malgorzata
1 Answers
0
votes
Normal Scheduled 8m8s default-scheduler Successfully assigned default/proxy-deployment-568646f8d4-7gnnt to aks-default-26787434-vmss000000
Normal Pulling 6m34s (x4 over 8m7s) kubelet Pulling image "my registry/my-image:lts" Warning Failed 6m34s (x4 over 8m7s) kubelet Failed to pull image "my registry/my-image:lts": rpc error: code = Unknown desc = Error response from daemon: Get https://my registry/v2/: x509: certificate signed by unknown authority Warning Failed 6m34s (x4 over 8m7s) kubelet Error: ErrImagePull Normal BackOff 6m18s (x6 over 8m7s) kubelet Back-off pulling image "my registry/my-image:lts" Warning Failed 3m5s (x19 over 8m7s) kubelet Error: ImagePullBackOff
