Trying to work with spegel for faster image pull times but fails since we have private tls certificates. #10052
Replies: 1 comment
-
My goal is to securely connect to multiple private registry mirrors (such as abc.com, pqr.com, and xyz.com) using client certificates and keys within Containerd's I understand that Containerd allows for specifying TLS configurations for registry mirrors, but I'm uncertain about the exact syntax and structure required to properly define these configurations. Could someone please provide comprehensive guidance or examples on how to correctly configure TLS for private registry mirrors in Containerd's
Any insights, tips, or examples demonstrating the proper configuration approach would be immensely helpful for me and others navigating similar setups. Thank you sincerely for your assistance and expertise!
-
Describe the bug
We are using JFrog Artifactory registry as our registry. We are using TLS certificate authentication for resolving and accessing our registry endpoints. We were facing a 500 error with mirror resolve retries exhausted for key while running a pod, it gave this error
We have TLS certificates, and we are trying to change the way we use certificates now. Instead of putting the certificate in /etc/containerd/certs.d/xyz.com/client.cert and /etc/containerd/certs.d/xyz.com/client.key, we are trying to put the certificates in /etc/certs/xyz.com/client.cert and /etc/certs/xyz.com/client.key. The problem now is that when we go ahead and create hosts.toml -, it doesn't work the way it worked when we had it in /etc/containerd/certs.d/xyz.com/client.cert and /etc/containerd/certs.d/xyz.com/client.key.
The error is either -
failed to load X509 key pair: tls: found a certificate rather than a key in the PEM for the private key"
OR
Failed to request xyz.com: connect: no route to host
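The `tls: found a certificate rather than a key` text in the first error is produced by Go's `crypto/tls` when the input given as the private key contains only a `CERTIFICATE` PEM block. The following is an added example, not part of the original thread or of containerd's code: it reproduces that message with a throwaway self-signed pair built in memory (constructed test data) and lists the PEM block types in each input, which is the check to run against the two paths named in `hosts.toml`. The helper names `pemTypes`, `checkPair` and `samplePair` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// pemTypes lists the PEM block types found in data, in order.
func pemTypes(data []byte) (types []string) {
	for {
		b, rest := pem.Decode(data)
		if b == nil {
			return types
		}
		types = append(types, b.Type)
		data = rest
	}
}

// checkPair loads the pair with crypto/tls and returns its error, if any.
func checkPair(certPEM, keyPEM []byte) error {
	_, err := tls.X509KeyPair(certPEM, keyPEM)
	return err
}

// samplePair builds a self-signed pair; errors are ignored for test data only.
func samplePair() (certPEM, keyPEM []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "client.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
}

func main() {
	cert, key := samplePair()
	fmt.Println("block types:", pemTypes(cert), pemTypes(key))
	fmt.Println("cert + key :", checkPair(cert, key))
	fmt.Println("cert + cert:", checkPair(cert, cert)) // key input is a certificate
}
```

To check real files, read each path with `os.ReadFile` and pass the bytes to `pemTypes`; a key file whose only block type is `CERTIFICATE` explains the error.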