
[Blogpost] GKE and private registries with Self Signed Certificates

GKE cannot pull images from a registry that uses certificates that are not signed by a trusted CA: if the kubelet on the node is not able to verify the CA authority for the registry it’s trying to pull an image from, the application pod is stuck in the ContainerCreating stage with an error like “X509: certificate signed by unknown authority”. This behavior is in place for security purposes and cannot be changed.

This guide shows a workaround for this issue. We will explore GKE with both Containerd and Docker runtimes. Keep in mind that this is a workaround and not an officially recommended procedure.

https://medium.com/google-cloud/gke-and-private-registries-with-self-signed-certificates-b37b5fd1f98...


Hi 

Thank you for sharing.

We have an internal registry using certificates signed by an internal CA, so I would like to know whether GKE now has any official procedure for this kind of use case?

Thanks for your feedback.

Regards

Hung
