Kubernetes Control Plane Charm

Unable to use private docker registry: no managed way to supply CA cert

Bug #1831659 reported by Paul Goins
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kubernetes Control Plane Charm
New
Undecided
Unassigned

Bug Description

One of our customers wanted to use a private docker registry for supplying images. There was no need for credentials; the registry was open access. However, the server's certificate was signed by a custom CA.

We probably should have a managed way to allow for using a private registry like this, and a start for that would be simply a way to set the CA cert via Juju.

Workaround: Place the customer's custom CA cert in /etc/ssl/certs/.

(Note: Docker supposedly supports saving CA certs to /etc/docker/certs.d/<hostname>/ca.crt, however I could not get that to work myself.)

Revision history for this message
Drew Freiberger (afreiberger) wrote :

This bug addressed adding a private registry:

https://bugs.launchpad.net/charm-kubernetes-master/+bug/1828853

This bug addresses the need for an external CA to be supported by k8s-worker charms:

https://bugs.launchpad.net/charm-kubernetes-worker/+bug/1831153

Revision history for this message
Paul Goins (vultaire) wrote :

Thanks Drew; I've referred those 2 tickets instead of this one in the case in question.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.