Can not pull docker image from private repo when using Minikube

Jason White picture Jason White · Aug 3, 2016 · Viewed 10.8k times · Source

I am attempting to use Minikube for local kubernetes development. I have set up my docker environment to use the docker daemon running in the provided Minikube VM (boot2docker) as suggested:

eval $(minikube docker-env)

It sets up these environment variables:

export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/home/jasonwhite/.minikube/certs"

When I attempt to pull an image from our private docker repository:

docker pull oururl.com:5000/myimage:v1

I get this error:

Error response from daemon: Get https://oururl.com:5000/v1/_ping: x509: certificate signed by unknown authority

It appears I need to add a trusted ca root certificate somehow, but have been unsuccessful so far in my attempts.

I can hit the repository fine with curl using our ca root cert:

curl --cacert /etc/ssl/ca/ca.pem https://oururl.com:5000/v1/_ping

Answer

Jason White picture Jason White · Aug 3, 2016

I came up with a work-around for the situation with suggestions from these sources:

https://github.com/docker/machine/issues/1799

https://github.com/docker/machine/issues/1872

I logged into the Minikube VM (minikube ssh), and edited the /usr/local/etc/ssl/certs/ca-certificates.crt file by appending my own ca cert.

I then restarted the docker daemon while still within the VM: sudo /etc/init.d/docker restart

This is not very elegant in that if I restart the Minikube VM, I need to repeat these manual steps each time.

As an alternative, I also attempted to set the --insecure-registry myurl.com:5000 option in the DOCKER_OPTS environment variable (restarted docker), but this didn't work for me.