
I've created an EKS cluster on AWS along with Nexus Repository on DigitalOcean using Terraform & Ansible.

Also I've not created any SSL for the Nexus Repository, so it is "http."

Normally, it is sufficient to add an [insecure-registries:...] entry to the self-hosted nodes' docker config file, but I am working with EKS for the first time and I don't have any access to the configuration of the worker nodes, because they are inside private subnets.

How can I achieve the same thing while using EKS? Because I get the error below when I am trying to pull an image from that Nexus Repo. I've tried creating a docker registry secret with the --insecure-skip-tls-verify and passing it with the POD yml, but had no success with it.

Failed to pull image "164.XX.XX.XX:8083/checkoutservice:latest": rpc error: code = Unknown desc = Error response from daemon: Get "https://164.XX.XX.XX:8083/v2/": http: server gave HTTP response to HTTPS client

UPDATE-1: Okay, I've managed to install nginx as a reverse proxy on Nexus server and created an SSL for it. The problem is now how to make EKS resolve that domain name. I tried changing the configmap of core-dns pods, but no success so far. Do you have any suggestions?

UPDATE-2: Situation is resolved. I needed to create a Bastion server in the public subnets, SSH into Worker Nodes and import CA of my self-signed Nexus server certificate into /etc/ssl/certs/ and modify /etc/hosts file with the relevant domain name, then restart docker.
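
The node-side steps from UPDATE-2 written as a repeatable shell function; this is an added example, not part of the original post. It checks that the file is a PEM certificate without key material before trusting it, and rewrites the hosts entry so repeated runs leave exactly one mapping. Assumptions: the function name `trust_registry_ca`, the `ROOT` prefix argument (empty on a real node, a scratch directory for a dry run), the `<host>.pem` file name, and the sample host name and address in the usage comment.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the post).
# Usage on a worker node, as root (name and address are constructed samples):
#   trust_registry_ca "" nexus.example.internal 203.0.113.10 /tmp/nexus-ca.pem

# trust_registry_ca ROOT REGISTRY_HOST REGISTRY_IP CA_FILE
trust_registry_ca() {
    root=$1; host=$2; ip=$3; ca=$4

    # Only install something that looks like a PEM certificate.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$ca" || {
        echo "not a PEM certificate: $ca" >&2
        return 1
    }
    # A CA bundle copied to nodes must never carry its private key.
    if grep -q 'PRIVATE KEY' "$ca"; then
        echo "refusing: $ca contains a private key" >&2
        return 1
    fi

    # Step 1: copy the CA certificate to the directory named in the post.
    mkdir -p "$root/etc/ssl/certs"
    cp "$ca" "$root/etc/ssl/certs/$host.pem"
    chmod 0644 "$root/etc/ssl/certs/$host.pem"

    # Step 2: map the registry name in /etc/hosts, dropping any stale
    # mapping for the same name so repeated runs leave a single entry.
    hosts=$root/etc/hosts
    tmp=$hosts.new
    touch "$hosts"
    awk -v h="$host" '
        /^[[:space:]]*#/ { print; next }
        { for (i = 2; i <= NF; i++) if ($i == h) next; print }
    ' "$hosts" > "$tmp"
    printf '%s %s\n' "$ip" "$host" >> "$tmp"
    cat "$tmp" > "$hosts"   # overwrite in place, keeping owner and mode
    rm -f "$tmp"

    # Step 3: restart docker, but only when run against the live root.
    if [ -z "$root" ]; then
        systemctl restart docker
    fi
}
```

Nodes added later by the node group start without these changes, so the same function has to run on each of them as well.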

0 Answers