08/05/2022, 3:06 PM
Hi everyone, I implemented using TLS for a local registry running in the cluster but am confused as to why the registry.yaml configuration file that containerd references needs to have the key. In this case I would consider containerd the client which would only need the public cert/ca and not the private key. Does anyone know why this is or does anyone know of documentation that explains the need for the key? I did some google searches but nothing seemed to explain why the key is needed.


08/05/2022, 3:14 PM
The cert and key are only required if you are using client certificates to auth to the registry. If you just want to add a CA certificate to trust for that registry, then only do that. Just because the fields are there doesn't mean you have to set them.


08/05/2022, 3:26 PM
Thanks, that explanation helps and also offered some other routes for searching that cleared everything up.