Getting bad certificate error after installing charmed kubernetes and the docker registry charm

I have deployed charmed kubernetes with the docker-registry charm, and I could build and push an image to the registry. However, if I want to pull that image in a kubernetes deployment, I get this error:

Warning Failed 6s (x2 over 21s) kubelet, juju-59fee34-k8s-paul-8 Failed to pull image "registry_ip:registry_port/frontend:latest": rpc error: code = Unknown desc = failed to pull and unpack image "registry_ip:registry_port/frontend:latest": failed to resolve reference "registry_ip:registry_port/frontend:latest": failed to do request: Head https://registry_ip:registry_port/v2/frontend/manifests/latest: remote error: tls: bad certificate

Aren’t easyrsa or vault supposed to manage certificates through the added relations? What I have noticed is that a juju-docker-registry.pem has been installed on the clients, but that obviously does not solve the problem.

Could you please provide the output of juju status --relations?

docker-registry:docker-registry      containerd:docker-registry           docker-registry        regular
docker-registry:peer                 docker-registry:peer                 peer-discovery         peer
etcd:cluster                         etcd:cluster                         etcd                   peer
etcd:db                              flannel:etcd                         etcd                   regular
etcd:db                              kubernetes-master:etcd               etcd                   regular
kubeapi-load-balancer:loadbalancer   kubernetes-master:loadbalancer       public-address         regular
kubeapi-load-balancer:website        kubernetes-worker:kube-api-endpoint  http                   regular
kubernetes-master:cni                flannel:cni                          kubernetes-cni         subordinate
kubernetes-master:container-runtime  containerd:containerd                container-runtime      subordinate
kubernetes-master:coordinator        kubernetes-master:coordinator        coordinator            peer
kubernetes-master:kube-api-endpoint  kubeapi-load-balancer:apiserver      http                   regular
kubernetes-master:kube-control       kubernetes-worker:kube-control       kube-control           regular
kubernetes-master:kube-masters       kubernetes-master:kube-masters       kube-masters           peer
kubernetes-worker:cni                flannel:cni                          kubernetes-cni         subordinate
kubernetes-worker:container-runtime  containerd:containerd                container-runtime      subordinate
kubernetes-worker:coordinator        kubernetes-worker:coordinator        coordinator            peer
openstack-integrator:clients         kubernetes-master:openstack          openstack-integration  regular
openstack-integrator:clients         kubernetes-worker:openstack          openstack-integration  regular
percona-cluster:cluster              percona-cluster:cluster              percona-cluster        peer
percona-cluster:shared-db            vault:shared-db                      mysql-shared           regular
vault:certificates                   docker-registry:cert-provider        tls-certificates       regular
vault:certificates                   etcd:certificates                    tls-certificates       regular
vault:certificates                   kubeapi-load-balancer:certificates   tls-certificates       regular
vault:certificates                   kubernetes-master:certificates       tls-certificates       regular
vault:certificates                   kubernetes-worker:certificates       tls-certificates       regular
vault:cluster                        vault:cluster                        vault-ha               peer

I am running into the exact same problem. I recently installed charmed kubernetes with a private docker registry.

=====

 Warning  Failed     9s (x2 over 22s)  kubelet, juju-e53148-1  Failed to pull image "ip:port/image-name": rpc error: code = Unknown desc = failed to pull and unpack image "ip:port/image-name": failed to resolve reference "ip:port/image-name": failed to do request: Head https://ip:port/image-name: remote error: tls: bad certificate

====

$ juju status --relations
Relation provider                    Requirer                             Interface          Type         Message
docker-registry:docker-registry      containerd:docker-registry           docker-registry    regular      
docker-registry:peer                 docker-registry:peer                 peer-discovery     peer         
easyrsa:client                       docker-registry:cert-provider        tls-certificates   regular      
easyrsa:client                       etcd:certificates                    tls-certificates   regular      
easyrsa:client                       kubernetes-master:certificates       tls-certificates   regular      
easyrsa:client                       kubernetes-worker:certificates       tls-certificates   regular      
etcd:cluster                         etcd:cluster                         etcd               peer         
etcd:db                              flannel:etcd                         etcd               regular      
etcd:db                              kubernetes-master:etcd               etcd               regular      
kubernetes-master:cni                flannel:cni                          kubernetes-cni     subordinate  
kubernetes-master:container-runtime  containerd:containerd                container-runtime  subordinate  
kubernetes-master:coordinator        kubernetes-master:coordinator        coordinator        peer         
kubernetes-master:kube-api-endpoint  kubernetes-worker:kube-api-endpoint  http               regular      
kubernetes-master:kube-control       kubernetes-worker:kube-control       kube-control       regular      
kubernetes-master:kube-masters       kubernetes-master:kube-masters       kube-masters       peer         
kubernetes-worker:cni                flannel:cni                          kubernetes-cni     subordinate  
kubernetes-worker:container-runtime  containerd:containerd                container-runtime  subordinate  
kubernetes-worker:coordinator        kubernetes-worker:coordinator        coordinator        peer

Same here!

Any news?