Define a custom CA certificate for a private Docker registry

This section instructs you on how to define a custom CA certificate for Docker registry connections on your management, regional, or managed cluster using the Container Cloud web UI or CLI.

Caution

A Docker registry that is being used by a cluster cannot be deleted.

Define a custom CA certificate for a Docker registry using CLI

  1. Create a ContainerRegistry resource(s) with the required registry domain and CA certificate. For details, see API Reference: ContainerRegistry resource.

  2. In the providerSpec section of the Cluster object, set the containerRegistries field with the names list of created ContainerRegistry resource objects:

    kubectl patch cluster -n <clusterProjectName> <clusterName> --type merge -p '{"spec":{"providerSpec":{"value":{"containerRegistries":["<containerRegistryName>"]}}}}'

Define a custom CA certificate for a Docker registry using web UI

Available since 2.21.0 and 2.21.1 for MOSK 22.5

  1. Log in to the Container Cloud web UI with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.

  2. In the Container Registries tab, click Add Container Registry.

  3. In the Add new Container Registry window, define the following parameters:

    • Container Registry Name

      Name of the Docker registry to select during cluster creation or post-deployment configuration.

    • Domain

      Host name and optional port of the registry. For example, demohost:5000.

    • CA Certificate

      SSL CA certificate of the registry to upload or insert in plain text.

  4. Click Create.

You can add the created Docker registry configuration to a new or existing managed cluster as well as to an existing management or regional cluster:

  • For a new managed cluster, in the Create new cluster wizard, select the required registry name from the drop-down menu of the Container Registry option. For details on a new cluster creation, see Create and operate managed clusters.

  • For an existing cluster of any type, in the More menu of the cluster, select the required registry name from the drop-down menu of the Configure cluster > General Settings > Container Registry option. For details on an existing managed cluster configuration, see Change a cluster configuration.