I generated a CA certificate, then issued a certificate based on it for a private registry, that located in the same GKE cluster. Put the server certificates to the private registry and the CA certificate to all GKE nodes and run:
update-ca-certificates && systemctl restart docker
Images are building and putting into the private registry without problems. When a pod tries to pull the an image from the repository I get an error:
x509: certificate signed by unknown authority
Also I tried to put the CA certificate to the docker
certs.d directory (10.3.240.100:3000 — the IP address of the private registry) and restart the docker on each node of the GKE cluster, but it doesn’t help too:
How to solve this problem? Am I understand correctly that the GKE nodes’ docker is responsible for pulling images when creating a pod?
Source: Docker Questions