Can not pull docker image from private repo when using Minikube

I am attempting to use Minikube for local Kubernetes development. I have set up my docker environment to use the docker daemon running in the provided Minikube VM (boot2docker) as suggested:

eval $(minikube docker-env)

It sets up these environment variables:

    export DOCKER_TLS_VERIFY="1"
    export DOCKER_HOST="tcp://192.168.99.100:2376"
    export DOCKER_CERT_PATH="/home/jasonwhite/.minikube/certs"
    

    When I attempt to pull an image from our private docker repository:

    docker pull oururl.com:5000/myimage:v1
    

    I get this error:

    Error response from daemon: Get https://oururl.com:5000/v1/_ping: x509: certificate signed by unknown authority
    

    It appears I need to add a trusted ca root certificate somehow, but have been unsuccessful so far in my attempts.

    I can hit the repository fine with curl using our ca root cert:

    curl --cacert /etc/ssl/ca/ca.pem https://oururl.com:5000/v1/_ping
    

5 solutions collected from the web for “Can not pull docker image from private repo when using Minikube”

    I came up with a work-around for the situation with suggestions from these sources:

    https://github.com/docker/machine/issues/1799

    https://github.com/docker/machine/issues/1872

    I logged into the Minikube VM (minikube ssh), and edited the /usr/local/etc/ssl/certs/ca-certificates.crt file by appending my own ca cert.

    I then restarted the docker daemon while still within the VM: sudo /etc/init.d/docker restart

    This is not very elegant in that if I restart the Minikube VM, I need to repeat these manual steps each time.

    As an alternative, I also attempted to set the --insecure-registry myurl.com:5000 option in the DOCKER_OPTS environment variable (restarted docker), but this didn’t work for me.

    For an http registry these steps work for me:

    1) minikube ssh

    2) edit /var/lib/boot2docker/profile and add to $EXTRA_ARGS --insecure-registry yourdomain.com:5000

    3) restart the docker daemon sudo /etc/init.d/docker restart

    The Kubernetes documentation on this is pretty good.

    Depending on where your private docker repository is hosted, the solution will look a bit different. The documentation explains how to handle each type of repository.

    If you want an automated approach to handle this authentication, you will want to use a Kubernetes secret and specify the imagePullSecrets for your Pod.

    Sounds like your question has more to do with Docker than Kubernetes. The Docker CLI supports a number of TLS-related options. Since you already have the CA cert, something like this should work:

    docker --tlsverify --tlscacert=/etc/ssl/ca/ca.pem pull oururl.com:5000/myimage:v1
    

    I’ve been unable to find any way to get the cert into the minikube VM. But minikube has a command line parameter to pass in an insecure-registry.

    minikube start --insecure-registry=<HOST>:5000 
    

    Then to configure authentication on the registry, create a secret.

    kubectl create secret docker-registry tp-registry --docker-server=<REGISTRY>:5000 --docker-username=<USERNAME> --docker-password=<PASSWORD> --docker-email=<EMAIL> --insecure-skip-tls-verify=true
    

    Add the secret to the default service account as described in the Kubernetes docs.
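
A way to make the CA-trust workaround from the first answer survive VM restarts without falling back to `--insecure-registry`, as an added example that is not part of the original answers. It assumes a minikube release with file sync (files under `~/.minikube/files` are copied to the same path in the VM at start) and uses Docker's per-registry trust directory `/etc/docker/certs.d/<host>:<port>/ca.crt`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: stage a private registry's CA certificate so that minikube
# copies it into the VM on every start and the Docker daemon there trusts
# the registry over TLS.
# Assumptions: minikube file sync via ~/.minikube/files, and Docker's
# per-registry CA location /etc/docker/certs.d/<host>:<port>/ca.crt.

# Print the path, relative to a filesystem root, where Docker looks for the
# CA certificate of registry "$1" (host or host:port).
registry_ca_path() {
    printf 'etc/docker/certs.d/%s/ca.crt\n' "$1"
}

# Accept only host or host:port; reject anything that could escape the directory.
valid_registry() {
    case "$1" in
        ''|*[!A-Za-z0-9.:-]*|.*|*..*) return 1 ;;
    esac
    return 0
}

# Succeed only if the file holds a PEM certificate and no private key.
looks_like_ca_cert() {
    [ -r "$1" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 1
    grep -q -- '-----END CERTIFICATE-----' "$1" || return 1
    if grep -q -- 'PRIVATE KEY-----' "$1"; then return 1; fi
    return 0
}

# stage_registry_ca <registry host:port> <ca.pem> [sync root]
# Prints the staged path on success.
stage_registry_ca() {
    registry=$1
    ca_file=$2
    root=${3:-$HOME/.minikube/files}
    valid_registry "$registry" || { echo "bad registry name: $registry" >&2; return 2; }
    looks_like_ca_cert "$ca_file" || { echo "not a CA certificate: $ca_file" >&2; return 3; }
    dest=$root/$(registry_ca_path "$registry")
    mkdir -p "$(dirname "$dest")" && cp "$ca_file" "$dest" && chmod 0644 "$dest" || return 4
    echo "$dest"
}

# Typical use, with the registry and CA file from the question:
#   stage_registry_ca oururl.com:5000 /etc/ssl/ca/ca.pem && minikube stop && minikube start
```

Only the public CA certificate is staged; the check refuses a file that also contains a private key, since everything under the sync directory is copied into the VM.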
