Hi,
My company have a internal CA certificate chain and I need to install the internal ca.crt on Karbon, it’s possible?
Use case, install a pod using kubectl from a internal registry are not possible due they didn’t know the root CA authority installed at the registry server.
Anibal
Hey
https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
Hey,
You will need to do the below:
1) On master and worker nodes create $URL directory at /etc/docker/certs.d/ where $URL is replaced with their registry hostname and port:
sudo mkdir /etc/docker/certs.d/example.com:5000
Copy (scp or download) registry.crt to /etc/docker/certs.d/example.com:5000/registry.crt
Hi
Great, I need to restart the cluster or they identify the new certificates and restart automatic?
Hey
Did you try the above? . Let me know if you need help with anything else. 
Hi
Problem solved…
On my notebook docker installation I already configured the certificate like you described:
1) On master and worker nodes create $URL directory at /etc/docker/certs.d/ where $URLis replaced with their registry hostname and port:
sudo mkdir /etc/docker/certs.d/example.com:5000
Copy (scp or download) registry.crt to /etc/docker/certs.d/example.com:5000/registry.crt
But I found two problem that after I understand I have success to configure the certificate chain:
systemctl daemon-reload && systemctl restart dockerAnother point that I faced, unfortunately I have a proxy between my server and internet. When the karbon are deployed they didn’t get the “whitelist” configure at Prism Element to include on the NO_PROXY variable, they only get the PROXY_HTTP(S) information. I need to adjust on all nodes.
No my certificate chain are running fine :-)
Thank you.
Anibal
Ahh, that is amazing 
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.