Reputation: 1
I have a private Docker image repository that needs SSL certificates in order to be accessible. I have tried creating multiple Kubernetes secrets (containing the Docker hostname, username and password, and certificates) so I can fetch images from it with Kubernetes, but it is still failing because of the missing certificates: "Failed to pull image .... remote error: tls: handshake failure". Is there a specific way one needs to apply SSL certificates in order to be able to pull images from a private repository that requires SSL certificates?
I have tried
kubectl create secret docker-registry repo-auth --docker-server=xxxxx --docker-username=xxxxxx --docker-password=xxxx
kubectl create secret tls repo-tls --cert=/xxxx/client.cert --key=/xxxx/client.key
kubectl create secret generic regcred2 --from-file=/xxxx/client.key --from-file=/xxxx/client.cert
kubectl create secret generic regcred --from-file=.dockerconfigjson=/root/.docker/config.json --type=kubernetes.io/dockerconfigjson --from-file=/xxxx/client.key --from-file=/xxxx/client.cert
imagePullSecrets:
- name: repo-tls
- name: repo-auth
- name: regcred
- name: regcred2
but the error still remains
PS I am using k3s
Upvotes: 0
Views: 3917
Reputation: 1651
Your problem seems like an issue with fetching images from a private Docker registry.
You can perform the following steps to use an SSL certificate for authenticating your pull-request for fetching images from a Docker registry:
You need to store your SSL certificate in a Kubernetes secret. (Refer: https://www.padok.fr/en/blog/kubernetes-secrets) You can use the following command to create a secret from the SSL files:
kubectl create secret generic ssl-key-cert --from-file=ssl.key --from-file ssl.cert
Update the pod YAML with the imagePullSecrets attribute and provide the secret name created in the first step as the value of this attribute. (Refer: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/)
Upvotes: 1
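Since the question mentions k3s: there, the TLS client certificate for a registry is configured on each node in /etc/rancher/k3s/registries.yaml, which k3s uses to generate the containerd registry configuration. The following is an added example, not part of either post; the registry hostname, port and file paths are placeholders.

```yaml
# /etc/rancher/k3s/registries.yaml (placed on every node that pulls images)
# Hostname, port and paths below are placeholders, not values from this thread.
mirrors:
  "registry.example.internal:5000":
    endpoint:
      - "https://registry.example.internal:5000"

configs:
  "registry.example.internal:5000":
    auth:
      # Registry credentials; can be left out if the pods already
      # supply them through a docker-registry imagePullSecret.
      username: xxxxxx
      password: xxxxxx
    tls:
      # Client certificate and key presented during the TLS handshake.
      cert_file: /etc/rancher/k3s/certs/client.cert
      key_file: /etc/rancher/k3s/certs/client.key
      # CA bundle used to verify the registry's server certificate.
      ca_file: /etc/rancher/k3s/certs/ca.crt
      # Leave insecure_skip_verify unset so the server certificate is verified.
```

k3s reads this file at startup, so restart the k3s service on the node after changing it. The file and the key it points to hold credentials, so keep both readable by root only.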