You can add certificate authorities (CAs) to the cluster for use when pushing and pulling images via the following procedure.
Prerequisites
-
You must have cluster administrator privileges.
-
You must have access to the registry’s public certificates, usually a
hostname/ca.crtfile located in the/etc/docker/certs.d/directory.
Procedure
-
Create a ConfigMap in the
openshift-confignamespace containing the trusted certificates for the registries that use self-signed certificates. For each CA file, ensure the key in the ConfigMap is the registry’s hostname in thehostname[..port]format:$ oc create configmap registry-cas -n openshift-config \ --from-file=myregistry.corp.com..5000=/etc/docker/certs.d/myregistry.corp.com:5000/ca.crt \ --from-file=otherregistry.com=/etc/docker/certs.d/otherregistry.com/ca.crt
-
Update the cluster image configuration:
$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}' --type=merge