ErrImagePull: x509: certificate signed by unknown authority
Quote from moshe on 10/01/2023, 4:12 pmProblem
User gets the following error when running the command
kubectl describe pod rabbitmq-0
ErrImagePull: x509: certificate signed by unknown authority
Solution
Run the following commands on the master node
Edit or create the file /etc/docker/daemon.json and add insecure-registries:
vi etc/docker/daemon.json
{
"insecure-registries": [
"repo.k8s.tracston.local",
"repo.k8s.tracston.local:443"
]
}#Restart docker daemon
systemctl restart docker
Export the certificate file from the repository and import to docker
mkdir -p /etc/docker/certs.d/repo.k8s.tracston.local
mkdir -p /etc/docker/certs.d/repo.k8s.tracston.local:443openssl s_client -showcerts -verify 5 -connect repo.k8s.tracston.local:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM > /etc/docker/certs.d/repo.k8s.tracston.local/ca.crt
openssl s_client -showcerts -verify 5 -connect repo.k8s.tracston.local:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM > /etc/docker/certs.d/repo.k8s.tracston.local:443/ca.crt
systemctl restart docker
Problem
User gets the following error when running the command
kubectl describe pod rabbitmq-0
ErrImagePull: x509: certificate signed by unknown authority
Solution
Run the following commands on the master node
Edit or create the file /etc/docker/daemon.json and add insecure-registries:
vi etc/docker/daemon.json
{
"insecure-registries": [
"repo.k8s.tracston.local",
"repo.k8s.tracston.local:443"
]
}#Restart docker daemon
systemctl restart docker
Export the certificate file from the repository and import to docker
mkdir -p /etc/docker/certs.d/repo.k8s.tracston.local
mkdir -p /etc/docker/certs.d/repo.k8s.tracston.local:443
openssl s_client -showcerts -verify 5 -connect repo.k8s.tracston.local:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM > /etc/docker/certs.d/repo.k8s.tracston.local/ca.crt
openssl s_client -showcerts -verify 5 -connect repo.k8s.tracston.local:443 < /dev/null 2>/dev/null | openssl x509 -outform PEM > /etc/docker/certs.d/repo.k8s.tracston.local:443/ca.crt
systemctl restart docker