Adding TLS certification section on private registry
knabben committed Dec 9, 2020
1 parent 92f5489 commit 9766008
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions site/content/docs/user/private-registries.md
Expand Up @@ -87,3 +87,26 @@ See Google's [upstream docs][keyFileAuthentication] on key file authentication f
[loading an image]: /docs/user/quick-start/#loading-an-image-into-your-cluster
[using a private registry]: https://kubernetes.io/docs/concepts/containers/images/#using-a-private-registry
[GCR]: https://cloud.google.com/container-registry/

#### Use a Certificate

If you have a registry authenticated with certificates, and both certificates and keys
reside on your host folder, it is possible to mount and use them into the `containerd` plugin
patching the default configuration, like in the example:

{{< codeFromInline lang="yaml" >}}
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
# This option mounts the host docker registry folder into
# the control-plane node, allowing containerd to access them.
extraMounts:
- containerPath: /etc/docker/certs.d/registry.dev.example.com
hostPath: /etc/docker/certs.d/registry.dev.example.com
containerdConfigPatches:
- |-
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.dev.example.com".tls]
cert_file = "/etc/docker/certs.d/registry.dev.example.com/ba_client.cert"
key_file = "/etc/docker/certs.d/registry.dev.example.com/ba_client.key"
{{< /codeFromInline >}}
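Review bot: The `extraMounts` entry in the YAML example mounts the host directory holding `ba_client.key` into the node without `readOnly: true`, so the node container gets write access to the host's client key and certificate; suggest adding `readOnly: true` to that mount, since containerd only needs to read the files. The mount is also declared only on the `control-plane` node while `containerdConfigPatches` is a cluster-level setting, so the text should say that every node in a multi-node cluster needs the same mount, otherwise the patched `cert_file` and `key_file` paths will not exist on the other nodes. The YAML comment says "the host docker registry folder" and "access them", which does not match the single `certs.d/registry.dev.example.com` directory being mounted; something like "mounts the host's certificate directory for this registry" would be clearer. In the prose, "mount and use them into the `containerd` plugin patching the default configuration" is hard to parse; consider "mount them into the node and reference them from a `containerd` configuration patch". Since only `cert_file` and `key_file` are set, the heading could be "Use a Client Certificate" to make clear this is client authentication to the registry.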
