Hi everyone, I implemented using TLS for a local registry running in the cluster but am confused as to why the registry.yaml configuration file that containerd references needs to have the key. In this case I would consider containerd the client which would only need the public cert/ca and not the private key. Does anyone know why this is or does anyone know of documentation that explains the need for the key? I did some google searches but nothing seemed to explain why the key is needed.

The cert and key are only required if you are using client certificates to auth to the registry. If you just want to add a CA certificate to trust for that registry, then only do that. Just because the fields are there doesn't mean you have to set them.

Thanks, that explanation helps and also offered some other routes for searching that cleared everything up.