Hi, has anyone come across this type of issue: I am trying to set up a k8s cluster and I also have a private registry running on a droplet. When I try to deploy an image from my private registry I get this error:
Error response from daemon: Get https://artifacotry_ip: http: server gave HTTP response to HTTPS client
OK, so I thought I would set up a reverse proxy and add a self-signed certificate to it. You would think this should solve the issue above, which it did, BUT it brings a new issue instead when I deploy again:
Error response from daemon: Get https://artifactory_ip: x509: certificate signed by unknown authority
So because k8s is a managed service of DigitalOcean, I don’t have access to the master node to push my certificates there, and as you know I cannot SSH to the k8s droplets either.
Does anyone have any idea how to solve this issue?
Thank you.
Hi @MBII,
The reply from @jkwiatkoski suggests that all the nodes that make up the DOKS will only pull from a TLS enabled docker registry - I presume that specifically means that any DO docker registries are TLS enabled.
That being the case, you will need to enable TLS on your Artifactory service that is providing your docker registry.
You may have a “chicken & egg” scenario though if that Artifactory service is being deployed as a container to the DOKS, unless the initial image comes from DO docker registry! :-)
This issue may help you understand the cause of the problem, should you want to use an “insecure” (non-TLS enabled) registry elsewhere:
https://github.com/moby/moby/issues/28321
As mentioned though, you will need to use a TLS certificate that was issued by a public CA, rather than your private CA, and self-signed certificate.
You should find all that you need from the link mentioned by @jkwiatkoski though - failing that search the Digital Ocean Community pages for more help, or use your favourite search engine to discover a walkthrough! ;-)
If you can’t find the docs on Digital Ocean Community pages, and you discover a decent walkthrough - why not add it to the Digital Ocean Community! :-D
Good luck!
This doesn’t answer your question directly, but have you considered using a Docker registry service to host your images? I’ve found using AWS ECR to be much less of a headache than hosting the images myself.
If you do want to consider that route, I wrote a tool to connect a Digital Ocean K8s cluster to AWS ECR: https://github.com/nabsul/k8s-ecr-login-renew
Hi there,
Our DOKS nodes are configured to reject pulling from any non secured registries. A simple solution would be to secure your registry with an SSL cert perhaps from https://letsencrypt.org/
Regards,
John Kwiatkoski Senior Developer Support Engineer - Kubernetes
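The trust decision behind the two outcomes in this thread, as an added example that is not part of the original posts: a client that only trusts a given CA bundle accepts a registry certificate issued by a CA in that bundle and rejects a self-signed one. All certificates, file names and subject names are constructed locally, and "Demo Trusted CA" stands in for a public CA such as Let's Encrypt.

```shell
#!/bin/sh
# Added example: constructed certificates only; every name below is made up.

make_demo_pki() {   # $1 = scratch directory
    d=$1
    # Stand-in for a public CA: the only root placed in the "node" trust bundle.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Trusted CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    # Registry certificate issued by that CA (the publicly trusted outcome).
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=registry.example.test" \
        -keyout "$d/issued.key" -out "$d/issued.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/issued.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/issued.pem" 2>/dev/null || return 1
    # Self-signed registry certificate (the reverse-proxy attempt in the question).
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=registry.example.test" \
        -keyout "$d/selfsigned.key" -out "$d/selfsigned.pem" 2>/dev/null || return 1
}

node_trusts() {     # $1 = trust bundle (PEM), $2 = certificate the registry serves
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

pull_verdict() {    # prints what a client holding bundle $1 concludes about cert $2
    if node_trusts "$1" "$2"; then
        echo "chain trusted"
    else
        # Same wording as the Docker daemon error quoted in the question.
        echo "x509: certificate signed by unknown authority"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pki "$dir" || { rm -rf "$dir"; return 1; }
    echo "CA-issued:   $(pull_verdict "$dir/ca.pem" "$dir/issued.pem")"
    echo "self-signed: $(pull_verdict "$dir/ca.pem" "$dir/selfsigned.pem")"
    rm -rf "$dir"
}

demo
```

Against a live registry, `openssl s_client -connect <registry-host>:443 -verify_return_error` performs the same chain check using the local system trust store.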