
Using minikube to pull image from local Docker registry (with self-signed CA certificate)

I'd like to be able to run minikube so that it can access a local docker registry using a self signed CA certificate. Ideally the process should be automated so that I can use a *deployment.yaml file to pull the required image without intervention.

At the moment I'm using a workaround as follows:

#ssh into the minikube instance
sudo minikube ssh
#create a folder for the certificate
sudo mkdir /etc/docker/certs.d/dave.local:5000
#copy the crt file from the registry computer to the minikube instance
sudo scp [email protected]:/home/dave/certs/domain.crt /etc/docker/certs.d/dave.local:5000
#then check login
docker login dave.local:5000
#then pull image so that it's already in minikube
docker pull dave.local:5000/davedockerimage

I then edit the *deployment.yaml with imagePullPolicy: Never. When I then run sudo kubectl create -f dave-deployment.yaml it finds dave.local:5000/davedockerimage locally on minikube and uses the already pulled image.

If imagePullPolicy: Always, the image pull fails in minikube.

I've been through a range of tutorials/stack overflow answers and have been unable to crack this. Any help appreciated.

tmn103 asked Oct 25 '25 12:10


1 Answer

Running insecure connections wasn't an option for me, so I followed these minikube certificates docs. This configures minikube to trust certificates issued by your internal CA.

First copy the CA certs in PEM format into minikube's certs directory:

mkdir -p "${HOME}/.minikube/certs"
cp my-ca-certs-file.pem "${HOME}/.minikube/certs/"

Next, restart minikube with the --embed-certs option to sync certificates.

minikube stop
minikube start --embed-certs

After that, try pulling images using a deployment or statefulset. If you receive an authentication error, you may need to configure regcred so Kubernetes can authenticate with your custom registry. To do that, create a secret that Kubernetes knows to reference when authenticating with your docker registry. These instructions are adapted from Kubernetes docs, "Pull an Image from a Private Registry".

docker login dave.local:5000
# Enter your credentials when prompted.

# This copies your cached token into a kubernetes secret.
kubectl create secret generic regcred \
    --from-file=.dockerconfigjson="${HOME}/.docker/config.json" \
    --type=kubernetes.io/dockerconfigjson

Then your deployments should be able to pull any referenced images from dave.local:5000/...

MorganGalpin answered Oct 27 '25 00:10
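
The answer above copies the whole ~/.docker/config.json into the regcred secret, so it is worth confirming first that the file really holds an inline token for dave.local:5000 (with a Docker credential store it does not) and leaving out logins for any other registry. The Python below is an added example, not part of the original answer; the function names and the sample config contents are constructed for illustration.

```python
import base64
import json

def scoped_dockerconfig(config: dict, registry: str) -> dict:
    """Return a docker config holding only `registry`'s inline credentials."""
    entry = config.get("auths", {}).get(registry)
    if entry is None:
        raise KeyError(f"no login recorded for {registry}; run docker login first")
    if not entry.get("auth"):
        # With a credential store, docker login leaves the entry empty and
        # keeps the token elsewhere, so there is nothing usable to copy.
        store = config.get("credsStore") or config.get("credHelpers", {}).get(registry)
        raise ValueError(f"{registry} has no inline auth (credential store: {store})")
    # Keep only the one registry so unrelated logins never reach the cluster.
    return {"auths": {registry: {"auth": entry["auth"]}}}

def secret_manifest(name: str, dockerconfig: dict) -> dict:
    """Build a kubernetes.io/dockerconfigjson Secret as a plain dict."""
    payload = json.dumps(dockerconfig).encode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name},
        "type": "kubernetes.io/dockerconfigjson",
        "data": {".dockerconfigjson": base64.b64encode(payload).decode()},
    }

# Constructed samples standing in for ~/.docker/config.json (not real credentials).
SAMPLE_CONFIG = {
    "auths": {
        "dave.local:5000": {"auth": base64.b64encode(b"dave:example-password").decode()},
        "https://index.docker.io/v1/": {"auth": base64.b64encode(b"hubuser:hub-token").decode()},
    }
}
SAMPLE_WITH_STORE = {"auths": {"dave.local:5000": {}}, "credsStore": "desktop"}

if __name__ == "__main__":
    scoped = scoped_dockerconfig(SAMPLE_CONFIG, "dave.local:5000")
    # kubectl accepts JSON manifests, e.g. piped into: kubectl apply -f -
    print(json.dumps(secret_manifest("regcred", scoped), indent=2))
```

To use it against a real login, load the file with json.load in place of SAMPLE_CONFIG.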