Worker node fails to pull images with x509 certificate signed by unknown authority

Article ID: 435270


Products

VMware Telco Cloud Automation

Issue/Introduction

Workload nodes are unable to deploy pods due to image pull failures. The following error is observed in the container runtime or pod events:

Failed to pull image "welcome.com:8043": rpc error: code = Unknown desc = failed to pull and unpack image "test.com:8043/library/image:latest": failed to resolve reference "test.com:8043/library/image:latest": failed to do request: Head "https://welcome.com:8043/v2/library/image/manifests/latest": x509: certificate signed by unknown authority

Environment

TCA 3.x

Cause

A certificate synchronization failure between the Kubernetes cluster and the Harbor registry, typically occurring after Harbor certificate updates or configuration changes, prevents the worker nodes from trusting the registry.

Resolution

  1. Identify the problematic cluster and the associated Harbor add-on configuration.
  2. Uninstall the Harbor add-on from the affected cluster.
  3. Re-install the Harbor add-on to force a synchronization of the new Harbor CA certificate across all cluster nodes.
  4. Verify that the worker nodes can successfully pull images from test.com:8043 without x509 errors.
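One way to carry out the check in step 4 is sketched below. This is an added example, not part of the original article or of VMware's tooling. It classifies each worker node by its most recent pull event for the registry after the add-on re-install. The "<UTC time> <node> <message>" log layout, the node names, the times and the abbreviated error text are constructed for the example.

```python
import re
from datetime import datetime

TS = "%Y-%m-%dT%H:%M:%SZ"
# Error quoted in the article; the rejected registry is the Head URL host:port.
X509_FAIL = re.compile(r'Head "https://(?P<registry>[^/"]+)/v2/[^"]+": '
                       r'x509: certificate signed by unknown authority')
# kubelet's event text for a completed pull; the registry is the image prefix.
PULL_OK = re.compile(r'Successfully pulled image "(?P<registry>[^/"]+)/')
ERR = ('Failed to pull image "test.com:8043/library/image:latest": rpc error: '
       'code = Unknown desc = failed to do request: Head '
       '"https://test.com:8043/v2/library/image/manifests/latest": '
       'x509: certificate signed by unknown authority')
# Constructed sample. The "<UTC time> <node> <message>" layout, the node names
# and the times are assumptions for this example.
SAMPLE = "\n".join([
    "2024-05-01T09:00:00Z worker-1 " + ERR,
    "2024-05-01T09:01:00Z worker-2 " + ERR,
    '2024-05-01T10:05:00Z worker-1 Successfully pulled image '
    '"test.com:8043/library/image:latest" in 2.1s',
    "2024-05-01T10:06:00Z worker-2 " + ERR,
    '2024-05-01T10:08:00Z worker-3 Successfully pulled image '
    '"docker.io/library/busybox:latest" in 1.4s',
])

def trust_status(log, registry, nodes, since):
    """Classify each node by its latest pull event for registry at or after since."""
    cutoff = datetime.strptime(since, TS)
    latest = {}  # node -> (event time, verdict)
    for line in log.splitlines():
        parts = line.split(" ", 2)
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[0], TS)
        except ValueError:
            continue  # not an event line
        if when < cutoff:
            continue  # predates the add-on re-install
        for pattern, verdict in ((X509_FAIL, "untrusted"), (PULL_OK, "trusted")):
            m = pattern.search(parts[2])
            if m and m.group("registry") == registry:
                if parts[1] not in latest or when >= latest[parts[1]][0]:
                    latest[parts[1]] = (when, verdict)
    return {n: latest.get(n, (None, "unverified"))[1] for n in nodes}

if __name__ == "__main__":
    print(trust_status(SAMPLE, "test.com:8043",
                       ["worker-1", "worker-2", "worker-3"], "2024-05-01T10:00:00Z"))
```

A node reported as "unverified" has pulled nothing from the registry since the cutoff, so it still needs a test pull before the fix can be considered confirmed on it.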

Additional Information