My company has an internal CA certificate chain and I need to install the internal ca.crt on Karbon. Is it possible?
Use case: installing a pod using kubectl from an internal registry is not possible because they don’t know the root CA authority installed at the registry server.
Best answer by Anibal Ulisses
On my notebook docker installation I already configured the certificate like you described:
1) On master and worker nodes create $URL directory at /etc/docker/certs.d/ where $URL is replaced with their registry hostname and port:
sudo mkdir /etc/docker/certs.d/example.com:5000
Copy (scp or download) registry.crt to /etc/docker/certs.d/example.com:5000/registry.crt
But I found two problems; after I understood them, I succeeded in configuring the certificate chain:
- Need to run this command to reload the new settings:
systemctl daemon-reload && systemctl restart docker
- Need to install the certificate on all Master and Worker nodes, and run step 1 on each one.
Another point that I faced: unfortunately, I have a proxy between my server and the internet. When Karbon is deployed, they don’t get the “whitelist” configured at Prism Element to include in the NO_PROXY variable; they only get the PROXY_HTTP(S) information. I need to adjust it on all nodes.
Now my certificate chain is running fine :-)
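The per-node steps from the answer above, together with a check that the registry host is covered by NO_PROXY, as an added example that is not part of the original thread. The function names and the ROOT prefix argument are assumptions made here, and the NO_PROXY matching is a simplified version of what proxy-aware clients do.

```shell
#!/bin/sh
# Added example (not from the thread). ROOT is a hypothetical prefix:
# "" on a real node, a scratch directory for a dry run.

# install_registry_ca ROOT REGISTRY CERT
# Copies CERT to ROOT/etc/docker/certs.d/REGISTRY/registry.crt (path from the answer).
install_registry_ca() {
    root=$1; registry=$2; cert=$3
    # Structural check only; `openssl x509 -noout -in "$cert"` is a stronger parse.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || {
        echo "not a PEM certificate: $cert" >&2; return 1; }
    grep -q -- '-----END CERTIFICATE-----' "$cert" || {
        echo "truncated PEM: $cert" >&2; return 1; }
    dir="$root/etc/docker/certs.d/$registry"
    mkdir -p "$dir" && cp "$cert" "$dir/registry.crt" && chmod 644 "$dir/registry.crt"
}

# no_proxy_covers REGISTRY LIST
# Returns 0 if the registry host matches an entry of a comma-separated NO_PROXY value.
# Simplified: exact host, "*", or domain suffix; ports are ignored.
no_proxy_covers() {
    host=${1%%:*}; found=1
    old_ifs=$IFS; IFS=,; set -f            # split on commas, do not glob "*"
    for entry in $2; do
        entry=$(printf '%s' "$entry" | tr -d ' ')
        case $entry in
            '') continue ;;
            '*') found=0; break ;;
        esac
        entry=${entry%%:*}; entry=${entry#\*}; entry=${entry#.}
        case $entry in '') continue ;; esac
        case $host in
            "$entry"|*".$entry") found=0; break ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $found
}
```

On a real node, call `install_registry_ca "" example.com:5000 registry.crt` as root on every master and worker, then reload Docker as described in the answer.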