Running

Running

关注
发信
关注(28)粉丝(399)

获得"x509:由未知授权机构签名的证书".即使使用"--insecure-skip-tls-verify" Kubernetes中的选项

本文介绍了获得"x509:由未知授权机构签名的证书".即使使用"--insecure-skip-tls-verify" Kubernetes中的选项的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个在Linux VM(10.78.0.228:5000)上运行的私有Docker映像注册表,在一个运行Centos Linux 7的不同VM上运行的Kubernetes主服务器.

我使用以下命令创建了一个POD:
kubectl create --insecure-skip-tls-verify -f monitorms-rc.yml

我明白了:

,并在运行时:kubectl describe pod monitorms-mmqhm --namespace=sample

通过--insecure-skip-tls-verify时,Kubernetes是否不应该在POD创建期间忽略所有操作的服务器证书?

如果没有,我如何使它在拉docker映像时忽略tls验证?

PS:

Kubernetes版本:

客户端版本:v1.5.2服务器版本:v1.5.2

我在这里提出了这个问题: https://github.com/kubernetes/kubernetes/Issues/43924

解决方案

您看到的问题实际上是一个docker问题.使用--insecure-skip-tls-verifykubectl的有效参数,但仅处理kubectl与kubernetes API服务器之间的连接.您看到的错误实际上是因为docker守护进程无法登录到私有注册表,因为它使用的证书是未签名的.

看看 Docker不安全的注册表文档,这应该可以解决您的问题. /p>

I have a private Docker image registry running on a Linux VM (10.78.0.228:5000) and a Kubernetes master running on a different VM running Centos Linux 7.

I used the below command to create a POD:
kubectl create --insecure-skip-tls-verify -f monitorms-rc.yml

I get this:

and upon running:kubectl describe pod monitorms-mmqhm --namespace=sample

Isn't Kubernetes supposed to ignore the server certificate for all operations during POD creation when the --insecure-skip-tls-verify is passed?

If not, how do I make it ignore the tls verification while pulling the docker image?

PS:

Kubernetes version :

Client Version: v1.5.2Server Version: v1.5.2

I have raised this issue here: https://github.com/kubernetes/kubernetes/issues/43924

解决方案

The issue you're seeing is actually a docker issue. Using --insecure-skip-tls-verify is a valid arg to kubectl, but it only deals with the connecition between kubectl and the kubernetes API server. The error you're seeing is actually because the docker daemon cannot login to the private registry because the cert it's using in unsigned.

Have a look at the Docker insecure registry docs and this should solve your problem.

这篇关于获得"x509:由未知授权机构签名的证书".即使使用"--insecure-skip-tls-verify" Kubernetes中的选项的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-01 20:07
Powered by LMLPHP ©2024 Running 0.039728