I’ve been evaluating Rancher 2 for use in my organization. On my Rancher server, pulling images from the Docker Hub registry works fine,
but I am having an issue using a private Docker Registry.
My private Docker registry…
- vhdocker.hosp.domain.com
- Valid CA-signed certificate for HTTPS
- Listening on TCP 443
- No user authentication for pushing images to, or pulling images from my private registry
- Using Docker I am able to push images to, and pull images from my private registry
On my Rancher server I have…
- Ubuntu 16.04.5 LTS
- Docker version 18.06.1-ce, build e68fc7a
- A Docker container running the latest version of Rancher 2, no other containers
- Added the CA-signed certificate for my private Docker Registry to the Rancher server host, but not the Rancher server container.
sudo cp vhdocker.hosp.domain.com.crt /usr/local/share/ca-certificates
sudo update-ca-certificates
Steps
- I add my private Docker Registry to Rancher server
- Attempt to deploy a workload from an image in my private registry
- A pod is created on a node
At this point I receive a minimum availability error and Rancher server appears unable to pull the image from my private Docker Registry. The following cert-related errors are displayed:
ImagePullBackOff: Back-off pulling image "vhdocker.hosp.domain.com/myapp"
ErrImagePull: rpc error: code = Unknown desc = Error response from daemon: Get https://vhdocker.hosp.domain.com/v2/: x509: certificate signed by unknown authority
When running the Rancher server container with Docker, is there a procedure I need to perform to pass the cert for my private Docker Registry to Rancher? Something like:
--env REGISTRY_CERTIFICATE=/mnt/certs/vhdocker.hosp.domain.com
Thanks.