Define a custom CA certificate for a private Docker registry¶
This section instructs you on how to define a custom CA certificate for Docker registry connections on your management or managed cluster using the Container Cloud web UI or CLI.
Caution
A Docker registry that is being used by a cluster cannot be deleted.
Define a custom CA certificate for a Docker registry using CLI¶
Create a
ContainerRegistry
resource(s) with the required registry domain and CA certificate. For details, see Container Cloud API Reference: ContainerRegistry resource.In the
providerSpec
section of theCluster
object, set thecontainerRegistries
field with the names list of createdContainerRegistry
resource objects:kubectl patch cluster -n <clusterProjectName> <clusterName> --type merge -p '{"spec":{"providerSpec":{"value":{"containerRegistries":["<containerRegistryName>"]}}}}'
Define a custom CA certificate for a Docker registry using web UI¶
Log in to the Container Cloud web UI with the
m:kaas:namespace@operator
orm:kaas:namespace@writer
permissions.In the Container Registries tab, click Add Container Registry.
In the Add new Container Registry window, define the following parameters:
- Container Registry Name
Name of the Docker registry to select during cluster creation or post-deployment configuration.
- Domain
Host name and optional port of the registry. For example,
demohost:5000
.
- CA Certificate
SSL CA certificate of the registry to upload or insert in plain text.
Click Create.
You can add the created Docker registry configuration to a new or existing managed cluster as well as to an existing management cluster:
For a new managed cluster, in the Create new cluster wizard, select the required registry name from the drop-down menu of the Container Registry option. For details on a new cluster creation, see Create a managed bare metal cluster.
For an existing cluster of any type, in the More menu of the cluster, select the required registry name from the drop-down menu of the Configure cluster > General Settings > Container Registry option. For details on an existing managed cluster configuration, see Change a cluster configuration.