Setting up a local Kubernetes cluster with insecure registries

Setting up a local Minikube is a straightforward process, but if you want to use insecure registries in development then it might get a little bit tricky. This article is a short guide to make it run.

Minikube Installation

Check their README for more details, in a Mac you would typically do this:

brew cask install virtualbox
brew install kubectl

Add the insecure registries

The important step here is that when you start minikube for the first time, pass the insecure-registryflag:

minikube start --insecure-registry="your.private.repo:PORT"

The flag accepts one registry, if you have more, pass it several times. If you have started previously Minikube without the flag, delete the machine and don’t lose more time. I will repeat it because you might keep going and lose all morning. If you have started minikube and didn’t pass the flag, delete the machine:

minikube delete

And this is probably all the advice you needed today :)

So start minikube with the insecure registry flag and now enable the registry credentials add-on:

minikube addons configure registry-creds
minikube addons enable registry-creds

You will be prompted to add AWS, Google or Docker registries. Add the URL of your private Docker here.

Now check the VM has access to the registry manually:

minikube ssh
docker login your.private.repo
docker pull your.private.repo/whatever-image

At this point you should be able to use images from your private registry ignoring the certificates. If you keep seeing “x509: certificate signed by unknown authority” follow your steps back.

Kubernetes will need to have a secret in order to get access to the images:

kubectl create secret docker-registry my-secret --docker-server="https://your.private.repo" --docker-username=”USER” --docker-password=”PASS” --docker-email=”YOU@COMPANY”

Done!

At this point you can start working with Kubernetes and the private images will be sucessfully taken from the registry.

Enjoy!