'docker pull registry.central:9001/busybox:latest' WORKS.
'crictl pull registry.central:9001/busybox:latest' does NOT work.
Docker client checks here for registry certs that should be TRUSTED.
/etc/docker/<hostname>[:<port>]/<name>.crt
could be several.
E.g. on subcloud,
/etc/docker/certs.d/registry.local\:9001/registry-cert.crt
/etc/docker/certs.d/registry.central\:9001/registry-cert.crt
crictl uses the entries in the config.toml file for specifying certs that should be TRUSTED:
e.g.
[plugins.cri.registry.configs."registry.local:9001".tls]
ca_file = "/etc/docker/certs.d/registry.local:9001/registry-cert.crt"
However on subcloud there is ONLY an entry for registry.local ...
i.e. there is NO ENTRY for registry.central ... where there SHOULD be
e.g.
[plugins.cri.registry.configs."registry.central:9001".tls]
ca_file = "/etc/docker/certs.d/registry.central:9001/registry-cert.crt"
Debugged this with Bart.
'docker pull registry. central: 9001/busybox: latest' WORKS. central: 9001/busybox: latest' does NOT work.
'crictl pull registry.
Docker client checks here for registry certs that should be TRUSTED. <hostname> [:<port> ]/<name> .crt certs.d/ registry. local\: 9001/registry- cert.crt certs.d/ registry. central\ :9001/registry- cert.crt
/etc/docker/
could be several.
E.g. on subcloud,
/etc/docker/
/etc/docker/
crictl uses the entries in the config.toml file for specifying certs that should be TRUSTED: cri.registry. configs. "registry. local:9001" .tls] certs.d/ registry. local:9001/ registry- cert.crt"
e.g.
[plugins.
ca_file = "/etc/docker/
However on subcloud there is ONLY an entry for registry.local ... cri.registry. configs. "registry. central: 9001".tls] certs.d/ registry. central: 9001/registry- cert.crt"
i.e. there is NO ENTRY for registry.central ... where there SHOULD be
e.g.
[plugins.
ca_file = "/etc/docker/