vmware-archive / photon-controller

Photon Controller

--registry-ca-cert x509: certificate signed by unknown authority #115

Closed tactical-drone closed 7 years ago

tactical-drone commented 7 years ago

photon cluster create has a setting --registry-ca-cert that does not seem to function.

How could it? Docker requires a folder /etc/docker/certs.d//ca.crt so you need to know ahead of time what those image urls are going to be. Docker does not do certs correctly IMO. It should slave off of Linux.

In the meantime I need to copy the file manually every time a new worker is created. Not ideal.

AlainRoy commented 7 years ago

Docker doesn't have a unique CA certificate for each image URL, but for each unique container registry.

That option was intended to be used with Harbor, which can be deployed separately as a Photon Controller service: https://github.com/vmware/photon-controller/wiki/Using-Harbor-with-kubernetes

tactical-drone commented 7 years ago

Oh ok.

Docker is pretty annoying in this regard. The setup needed to handle this seems complicated.

The Kubernetes secrets and pull secret do not help either. Pretty amazing that this problem exists. Kubernetes & Docker should be working together.
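
The per-registry trust layout AlainRoy describes, as an added example that is not part of the original thread or of Photon Controller: a script that reduces a list of image references to their unique registries and writes one `ca.crt` per private registry. The function names, the `CERTS_ROOT` override and the minimal PEM marker check are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: Docker trusts a CA per registry (host[:port]), not per image.
# CERTS_ROOT defaults to Docker's trust directory; override it for a dry run.
CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# registry_of IMAGE -> prints the registry an image reference points at.
# Docker treats the first path component as a registry only if it contains
# "." or ":" or is "localhost"; anything else is a Docker Hub repository.
registry_of() {
    ref=$1
    case "$ref" in
        */*) first=${ref%%/*} ;;
        *)   echo "docker.io"; return ;;
    esac
    case "$first" in
        *.*|*:*|localhost) echo "$first" ;;
        *) echo "docker.io" ;;
    esac
}

# unique_registries IMAGE... -> one registry per line, de-duplicated.
unique_registries() {
    for img in "$@"; do registry_of "$img"; done | sort -u
}

# install_registry_ca CA_FILE IMAGE... -> copies CA_FILE to
# $CERTS_ROOT/<registry>/ca.crt once per private registry and prints each path.
install_registry_ca() {
    ca=$1; shift
    grep -q -e '-----BEGIN CERTIFICATE-----' "$ca" 2>/dev/null || {
        echo "not a PEM certificate: $ca" >&2; return 1; }
    unique_registries "$@" | while read -r reg; do
        # Docker Hub chains to a public CA; only private registries need an entry.
        if [ "$reg" = "docker.io" ]; then continue; fi
        mkdir -p "$CERTS_ROOT/$reg"
        cp "$ca" "$CERTS_ROOT/$reg/ca.crt"
        echo "$CERTS_ROOT/$reg/ca.crt"
    done
}

# Usage when run directly: script.sh CA_FILE IMAGE [IMAGE...]
if [ "$#" -ge 2 ]; then install_registry_ca "$@"; fi
```

Run on each worker at provisioning time, any number of images from the same registry produce a single directory, so the CA file only has to be placed again when a new registry host is introduced.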