Additional Trusted CAs on RKE2

[helpdeskcolombia]

Hello Team,

I'm ussing rke2 running over Ubuntu 20.04. I'm getting the next error when try to connect to private registry (to pull image) but there is a error with the self signed certificate.

ImagePullBackOff
x509: certificate signed by unknown authority

I add the certificate on:

/usr/local/share/ca-certificates/

Buy break the cluster

Dow you know how add an Additional Trusted CA on RKE2?

Regards.

[Martin-Weiss]

Two things

1. add the CA "trusted" to your OS - so what is your OS? (on RH and SLES there are commands you have to execute after copying the new CA to a given path
2. In case you use a private registry - you can setup a registries.yaml for RKE2 and in that file you can also specify which CA certs to trust. https://docs.rke2.io/install/containerd_registry_configuration/#with-tls (the ca_file parameter)

[helpdeskcolombia]

I'm ussing Ubuntu 20.04.3 LTS, I put the CA on the path /usr/local/share/ca-certificates/ but it broke the cluster becouse changed the cluster CA certificate.

Excelent I'll try.

[helpdeskcolombia]

@Martin-Weiss it works, thanks.

[adalsa91]

It's normal that I have to restart rke2 agent so that it recognizes the new CAs of the system?

[brandond]

Yes.