Define a custom CA certificate for a private Docker registry

Available since 2.18.0 for non-MOSK clusters Available since 2.18.1 for MOSK clusters

This section instructs you on how to define a custom CA certificate for Docker registry connections on your management, regional, or managed cluster using the Container Cloud web UI or CLI.

Define a custom CA certificate for a Docker registry using CLI

Available since 2.18.0

1. Create a ContainerRegistry resource(s) with the required registry domain and CA certificate. For details, see API Reference: ContainerRegistry resource.

2. In the providerSpec section of the Cluster object, set the containerRegistries field with the names list of created ContainerRegistry resource objects:

   kubectl patch cluster -n <clusterProjectName> <clusterName> --type merge -p '{"spec":{"providerSpec":{"value":{"containerRegistries":["<containerRegistryName>"]}}}}'
   

Define a custom CA certificate for a Docker registry using web UI

Available since 2.21.0 for non-MOSK clusters

1. Log in to the Container Cloud web UI with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.

2. In the Container Registries tab, click Add Container Registry.

3. In the Add new Container Registry window, define the following parameters:

   • Container Registry Name

     Name of the Docker registry to select during cluster creation or post-deployment configuration

   • Domain

     Domain that contains the registry host name

   • CA Certificate

     SSL CA certificate of the registry to upload or insert in plain text

4. Click Create.

You can add the created Docker registry configuration to a new or existing managed cluster as well as to an existing management or regional cluster:

• For a new managed cluster, in the Create new cluster wizard, select the required registry name from the drop-down menu of the Container Registry option. For details on a new cluster creation, see Create and operate managed clusters.

• For an existing cluster of any type, in the More menu of the cluster, select the required registry name from the drop-down menu of the Configure cluster > General Settings > Container Registry option. For details on an existing managed cluster configuration, see Change a cluster configuration.

Caution

A Docker registry that is being used by a cluster cannot be deleted.