Hi,
My company has an internal CA certificate chain and I need to install the internal ca.crt on Karbon. Is it possible?
Use case: installing a pod using kubectl from an internal registry is not possible because they don't know the root CA authority installed at the registry server.
Anibal
Best answer by Anibal Ulisses
Hi
Problem solved…
On my notebook docker installation I already configured the certificate like you described:
1) On master and worker nodes create a $URL directory at /etc/docker/certs.d/ where $URL is replaced with their registry hostname and port:
sudo mkdir /etc/docker/certs.d/example.com:5000
Copy (scp or download) registry.crt to /etc/docker/certs.d/example.com:5000/registry.crt
But I found two problems; after I understood them I succeeded in configuring the certificate chain:
- Need to run this command to reload the new settings:
systemctl daemon-reload && systemctl restart docker
- Need to install the certificate on all Master and Worker nodes, and run step 1 on each one.
Another point that I faced: unfortunately I have a proxy between my server and the internet. When Karbon is deployed, it doesn't get the "whitelist" configured at Prism Element to include in the NO_PROXY variable; it only gets the PROXY_HTTP(S) information. I need to adjust this on all nodes.
Now my certificate chain is running fine :-)
Thank you.
Anibal
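
The per-node step from the answer above, as an added example that is not part of the original post and not Nutanix or Docker code: an idempotent installer for the registry CA under /etc/docker/certs.d/. The function name install_registry_ca and its optional third argument (an alternate certs root for a dry run) are assumptions made for this sketch.

```shell
#!/bin/sh
# install_registry_ca CA_FILE REGISTRY [CERTS_ROOT]   (hypothetical helper)
#   CA_FILE    PEM file holding the internal CA chain
#   REGISTRY   registry host[:port], e.g. example.com:5000
#   CERTS_ROOT defaults to /etc/docker/certs.d (override for a dry run)
# Prints "changed" or "unchanged"; returns non-zero on bad input.
install_registry_ca() {
    ca_file=$1
    registry=$2
    certs_root=${3:-/etc/docker/certs.d}

    # The registry name becomes a directory name: allow only host[:port],
    # so a value such as "../etc" cannot escape the certs root.
    case $registry in
        ''|.*|*[!A-Za-z0-9.:-]*) echo "bad registry name: $registry" >&2; return 2 ;;
    esac

    # Sanity check: the file must contain at least one PEM certificate block.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$ca_file" 2>/dev/null ||
       ! grep -q -- '-----END CERTIFICATE-----' "$ca_file"; then
        echo "not a PEM certificate: $ca_file" >&2
        return 3
    fi

    dest_dir=$certs_root/$registry
    dest=$dest_dir/registry.crt   # Docker treats *.crt files here as CA roots

    # Idempotent: nothing to do if the same bytes are already installed.
    if [ -f "$dest" ] && cmp -s "$ca_file" "$dest"; then
        echo unchanged
        return 0
    fi

    mkdir -p "$dest_dir" || return 1
    # Copy to a temp name, then rename, so a partial file is never read.
    tmp=$dest_dir/.registry.crt.$$
    cp "$ca_file" "$tmp" && chmod 0644 "$tmp" && mv -f "$tmp" "$dest" ||
        { rm -f "$tmp"; return 1; }
    echo changed
}

# Usage as root on each master and worker node (restart command from the post):
#   if [ "$(install_registry_ca ./registry.crt example.com:5000)" = changed ]; then
#       systemctl daemon-reload && systemctl restart docker
#   fi
```

Running it a second time with the same file prints "unchanged", so Docker is only restarted on nodes where the certificate was actually added or replaced.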