Passing insecure-options to rkt using kubelet-wrapper
183 views
Skip to first unread message
Abhishek Chanda
Aug 16, 2016, 1:33:42 PM8/16/16
to CoreOS User
Hi all,
We have a deployment which uses self signed certs and running hyperkube using kubelet-wrapper fails. On poking a bit more, we noticed this is due to cert validation failure
# rkt --debug run quay.io/coreos/hyperkube:v1.3.4_coreos.0 --exec=/kubelet
image: using image from local store for image name coreos.com/rkt/stage1-coreos:1.8.0
image: searching for app image quay.io/coreos/hyperkube
image: meta tag 'ac-discovery' not found on quay.io/coreos/hyperkube: Get https://quay.io/coreos/hyperkube?ac-discovery=1: x509: certificate signed by unknown authority
image: meta tag 'ac-discovery' not found on quay.io/coreos: Get https://quay.io/coreos?ac-discovery=1: x509: certificate signed by unknown authority
image: meta tag 'ac-discovery' not found on quay.io: Get https://quay.io?ac-discovery=1: x509: certificate signed by unknown authority
run:
└─discovery failed for "quay.io/coreos/hyperkube"
└─discovery failed
This works when I pass --insecure-options=all to rkt. Is there a way to pass that through the kubelet-wrapper? I did not want to change permissions on the file to make it writeable.
Thanks
Kyle Brown
Aug 16, 2016, 1:55:58 PM8/16/16
to Abhishek Chanda, CoreOS User
Hi Abhishek,
The kubelet-wrapper docs have some examples on passing options and flags to rkt:
Cheers,
Kyle Brown
--
You received this message because you are subscribed to the Google Groups "CoreOS User" group.
To unsubscribe from this group and stop receiving emails from it, send an email to coreos-user+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Abhishek Chanda
Aug 16, 2016, 5:20:47 PM8/16/16
to Kyle Brown, CoreOS User
Abhishek Chanda
Aug 17, 2016, 7:03:07 PM8/17/16
to CoreOS User
Hi all,
We have the same problem again, but this time with the flannel image.
The given unit file for flannel passed insecure-options=image but we
need to pass tls too. Also, the flannel unit file does not allow
passing more options to rkt. Is there a way to pass
insecure-options=tls to rkt while running flannel?
Thanks
We have the same problem again, but this time with the flannel image.
The given unit file for flannel passed insecure-options=image but we
need to pass tls too. Also, the flannel unit file does not allow
passing more options to rkt. Is there a way to pass
insecure-options=tls to rkt while running flannel?
Thanks
Reply all
Reply to author
Forward
0 new messages