Define a custom CA certificate for a private Docker registry

This section instructs you on how to define a custom CA certificate for Docker registry connections on your management or managed cluster using the Container Cloud web UI or CLI.

Caution

A Docker registry that is being used by a cluster cannot be deleted.

Define a custom CA certificate for a Docker registry using CLI

  1. Create a ContainerRegistry resource(s) with the required registry domain and CA certificate. For details, see ContainerRegistry resource.

  2. In the providerSpec section of the Cluster object, set the containerRegistries field with the names list of created ContainerRegistry resource objects:

    kubectl patch cluster -n <clusterProjectName> <clusterName> --type merge -p '{"spec":{"providerSpec":{"value":{"containerRegistries":["<containerRegistryName>"]}}}}'

Define a custom CA certificate for a Docker registry using web UI

  1. Log in to the Container Cloud web UI with the m:kaas:namespace@operator or m:kaas:namespace@writer permissions.

  2. In the Container Registries tab, click Add Container Registry.

  3. In the Add new Container Registry window, define the following parameters:

    • Container Registry Name

      Name of the Docker registry to select during cluster creation or post-deployment configuration.

    • Domain

      Host name and optional port of the registry. For example, demohost:5000.

    • CA Certificate

      SSL CA certificate of the registry to upload or insert in plain text.

  4. Click Create.

You can add the created Docker registry configuration to a new or existing managed cluster as well as to an existing management cluster:

  • For a new managed cluster, in the Create new cluster wizard, select the required registry name from the drop-down menu of the Container Registry option. For details on a new cluster creation, see Create a managed bare metal cluster.

  • For an existing cluster of any type, in the More menu of the cluster, select the required registry name from the drop-down menu of the Configure cluster > General Settings > Container Registry option. For details on an existing managed cluster configuration, see Change a cluster configuration.