Hello,
Kubernetes currently does not have an in-built mechanism to perform TLS authentication for private registry access.
The work-around for enabling mTLS encryption is by using a client certificate by adding the certificate and key to the /etc/docker/certs.d/{registry} directory on every node. For more info, please review this GitHub issue 41965. However, it is not a feasible approach.
As you mentioned, you can use Amazon ECR as your private registry which uses the secure IAM authentication for registry access.
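The per-node layout described in the answer above can be audited with a short script. This is an added example, not part of the original answer or any AWS tooling. It assumes Docker's convention that a client certificate `*.cert` needs a `*.key` with the same base name in the registry's directory; the function name and the sample registry name are hypothetical.

```shell
# Added example (not from the original answer): audit one registry directory
# in Docker's certs.d layout. Assumes client certs are *.cert with a matching *.key.
# Usage: audit_registry_certs <certs.d root> <registry host[:port]>
# Prints one finding per line; returns 0 if usable for mTLS, 1 otherwise.
audit_registry_certs() {
    dir="$1/$2"; rc=0; found=0
    if [ ! -d "$dir" ]; then
        echo "MISSING  $dir (node cannot present a client certificate)"
        return 1
    fi
    for cert in "$dir"/*.cert; do
        [ -e "$cert" ] || continue          # glob matched nothing
        found=1
        key="${cert%.cert}.key"
        if [ ! -f "$key" ]; then
            echo "NOKEY    $cert has no matching $key"
            rc=1
            continue
        fi
        # The private key must not be readable by group or others.
        if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
            echo "PERMS    $key is readable by group/other"
            rc=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "NOCERT   $dir has no *.cert client certificate"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK       $dir"
    return "$rc"
}

# Constructed demo tree: a client cert whose key is world-readable.
demo=$(mktemp -d)
mkdir -p "$demo/registry.example.internal:5000"
: > "$demo/registry.example.internal:5000/client.cert"
: > "$demo/registry.example.internal:5000/client.key"
chmod 644 "$demo/registry.example.internal:5000/client.key"
audit_registry_certs "$demo" registry.example.internal:5000 || true
rm -rf "$demo"
```

Run against `/etc/docker/certs.d` on each node, a non-zero exit flags a node that either cannot authenticate to the registry or stores its key with loose permissions.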
Hello, thank you very much for your support and for the proposed work-around. As I'm using EKS and getting more nodes added on-demand I also agree with you that even with the work-around it is not a feasible approach. I have decided to go for the ECR option and now I have no issues pulling images from there. Thanks again!