skip to Main Content

Whenever i try to start a minikube always get "unable to connect to registry.k8s.io" and even after if i try to install postgres, vault or my images i am getting "ErrImgpull" error.

Environment:
Pc Network : Corporate LAN
OS : windows 11 enterprise

minikube:
minikube version: v1.34.0
commit: 210b148df93a80eb872ecbeb7e35281b3c582c61

Docker Engine
v27.2.0

Docker Desktop:
Current version: 4.34.2 (167172)

Things I did:
docker prune
minikube delete
minikube start

adding minikube ip to the no_proxy or NO_PROXY

Extra debug :

Able to access registry.k8s.io from a hostmachine’s browser
ssh into minikube
ping 8.8.8.8 (which is working without any issue)
docker login -u (resulted in error getting to register.xxxxx)
apt-get update (since minikube is on ubuntu 22.04) , Error updating packages
apt-get error : ( Failed to fetch https://download.docker.com/linux/ubuntu/dists/jammy/InRelease Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. The received OCSP status response is invalid. Could not handshake: Error in the certificate verification. [IP: 18.244.61.11 443] W: Failed to fetch https://nvidia.github.io/libnvidia-container/stable/deb/amd64/InRelease Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown. The received OCSP status response is invalid. Could not handshake: Error in the certificate verification. [IP: 185.199.111.153 443] W: Some index files failed to download. They have been ignored, or old ones used instead.)

2

Answers


  1. Chosen as BEST ANSWER

    I did download certs for registry using openctl and now it is working fine.


  2. As per this Github link

    The registry.k8s.io is a Kubernetes
    container images registry that behaves generally like an OCI compliant
    registry. Since registry.k8s.io is a proxy
    routing traffic to the closest available source, you will need
    connectivity to several domains to download images. It is also best
    for performance to create your own registry mirror.

    When you are debugging issues, make sure you run these commands on the
    node that is attempting to run images. Things may be working fine on
    your laptop, but not on the Kubernetes node.

    Make sure to verify DNS resolution, verify HTTP Connectivity, Verify
    image repositories and tags and Verify image pulls.

    The error you are facing apt-get update certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown and suggests that certificate trust issues within the Minikube.

    To resolve the issue:

    Add the missing certificate authorities to the minikube environment trusted certificates.This helps to allow it to verify certificates from common registries like Docker Hub.

    Consider updating your minikube to the latest stable version.

    After making changes make sure to restart your minikube.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search