Comment 1 for bug 1853653
Revision history for this message
| George Kraft (cynerva) wrote Re: Containerd fails to pull image from private docker registry due to "tls: bad certificate" | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
-- Workaround 1: Disable docker-registry mutual authentication
juju config docker-registry tls-ca-path=""
Please note that this comes with security implications. Normally, the docker-registry charm will refuse to serve images to any client that does not present a client certificate signed by the easyrsa it is related to. This means that only members of the Charmed Kubernetes cluster can pull from it. If you disable mutual authentication, then docker-registry will serve images to any client who can reach its endpoint.
-- Workaround 2: Use docker instead of containerd
The docker charm is not affected by this bug. Using docker instead of containerd is briefly covered here: https:/