allow non-mutual TLS

Previously, client keypair had needed to be specified even when unused.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Akihiro Suda
2019-08-10 16:28:37 +09:00
parent a7481289bb
commit 28e492fce0
2 changed files with 27 additions and 5 deletions

@@ -37,6 +37,14 @@ To configure the TLS settings for a specific registry, create/modify the `/etc/c
In the config example shown above, TLS mutual authentication will be used for communications with the registry endpoint located at https://my.custom.registry.
`ca_file` is file name of the certificate authority (CA) certificate used to authenticate the x509 certificate/key pair specified by the files respectively pointed to by `cert_file` and `key_file`.
`cert_file` and `key_file` are not needed when TLS mutual authentication is unused.
```toml
# The registry host has to be an FDQN or IP.
[plugins.cri.registry.configs."my.custom.registry".tls]
ca_file = "ca.pem"
```
## Configure Registry Credentials
`cri` plugin also supports docker like registry credential config.
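Review bot: the new sentence "`cert_file` and `key_file` are not needed when TLS mutual authentication is unused" leaves the role of `ca_file` undefined for the CA-only example, because the preceding paragraph describes `ca_file` only as authenticating the pair named by `cert_file` and `key_file`. Please add a sentence saying what `ca_file` is checked against when no client keypair is configured, so readers do not take the CA-only block to be a no-op or assume it disables verification. It would also help to state what happens when only one of `cert_file` or `key_file` is set, since the text now treats them as optional without saying they must be given together. Minor: the comment in the added toml block reads "FDQN", which should be "FQDN".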