I am attempting to use Minikube for local kubernetes development. I have set up my docker environment to use the docker daemon running in the provided Minikube VM (boot2docker) as suggested:
eval $(minikube docker-env)
It sets up these environment variables:
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.100:2376"
export DOCKER_CERT_PATH="/home/jasonwhite/.minikube/certs"
When I attempt to pull an image from our private docker repository:
docker pull oururl.com:5000/myimage:v1
I get this error:
Error response from daemon: Get https://oururl.com:5000/v1/_ping: x509: certificate signed by unknown authority
It appears I need to add a trusted ca root certificate somehow, but have been unsuccessful so far in my attempts.
I can hit the repository fine with curl using our ca root cert:
curl --cacert /etc/ssl/ca/ca.pem https://oururl.com:5000/v1/_ping
I came up with a work-around for the situation with suggestions from these sources:
https://github.com/docker/machine/issues/1799
https://github.com/docker/machine/issues/1872
I logged into the Minikube VM (minikube ssh
), and edited the /usr/local/etc/ssl/certs/ca-certificates.crt
file by appending my own ca cert.
I then restarted the docker daemon while still within the VM: sudo /etc/init.d/docker restart
This is not very elegant in that if I restart the Minikube VM, I need to repeat these manual steps each time.
As an alternative, I also attempted to set the --insecure-registry myurl.com:5000
option in the DOCKER_OPTS
environment variable (restarted docker), but this didn't work for me.