Kind: document using tls certs to authenticate image pulls

Created on 3 Dec 2020  路  8Comments  路  Source: kubernetes-sigs/kind

What would you like to be documented:

using a config patch like:

kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
    extraMounts:
      - containerPath: /etc/docker/certs.d/registry.dev.databricks.com
        hostPath: /etc/docker/certs.d/registry.dev.databricks.com
containerdConfigPatches:
  - |-
    [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.dev.databricks.com".tls]
      cert_file = "/etc/docker/certs.d/registry.dev.databricks.com/ba_client.cert"
      key_file  = "/etc/docker/certs.d/registry.dev.databricks.com/ba_client.key"

To enable authenticated image pull using certificates

Why is this needed:

Users were used to doing this with dockershim.

We should also look into enabling this better upstream, having a host dir would be convenient https://github.com/containerd/containerd/pull/4138/files#r402472668

good first issue help wanted kindocumentation
Source
picture BenTheElder

All 8 comments

This should go in https://kind.sigs.k8s.io/docs/user/private-registries/

see: https://kind.sigs.k8s.io/docs/contributing/getting-started/
/help
/good-first-issue

BenTheElder picture BenTheElder on 3 Dec 2020

@BenTheElder:
This request has been marked as suitable for new contributors.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-good-first-issue command.

In response to this:

This should go in https://kind.sigs.k8s.io/docs/user/private-registries/

see: https://kind.sigs.k8s.io/docs/contributing/getting-started/
/help
/good-first-issue

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 3 Dec 2020

/assign @knabben

knabben picture knabben on 5 Dec 2020

/close

knabben picture knabben on 17 Dec 2020

@knabben: You can't close an active issue/PR unless you authored it or you are a collaborator.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 17 Dec 2020
😕1

@BenTheElder can you close this one?

knabben picture knabben on 21 Dec 2020

1962 has been merged

/close

tao12345666333 picture tao12345666333 on 22 Dec 2020
👍1

@tao12345666333: Closing this issue.

In response to this:

1962 has been merged

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot picture k8s-ci-robot on 22 Dec 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

rajalokan picture rajalokan  路  3Comments
csantanapr picture csantanapr  路  4Comments
philipstaffordwood picture philipstaffordwood  路  4Comments
cjwagner picture cjwagner  路  3Comments
mithunvikram picture mithunvikram  路  3Comments