mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
50 lines
1.4 KiB
Plaintext
50 lines
1.4 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-bm.adoc
|
|
// * hosted_control_planes/hcp-disconnected/hcp-deploy-dc-virt.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="hcp-dc-tls-hosted_{context}"]
|
|
= Adding the registry CA to the worker nodes for the hosted cluster
|
|
|
|
In order for the data plane workers in the hosted cluster to be able to retrieve images from the private registry, you need to add the registry CA to the worker nodes.
|
|
|
|
.Procedure
|
|
|
|
. In the `hc.spec.additionalTrustBundle` file, add the following specification:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
spec:
|
|
additionalTrustBundle:
|
|
- name: user-ca-bundle <1>
|
|
----
|
|
+
|
|
<1> The `user-ca-bundle` entry is a config map that you create in the next step.
|
|
|
|
. In the same namespace where the `HostedCluster` object is created, create the `user-ca-bundle` config map. The config map resembles the following example:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
data:
|
|
ca-bundle.crt: |
|
|
// Registry1 CA
|
|
-----BEGIN CERTIFICATE-----
|
|
-----END CERTIFICATE-----
|
|
|
|
// Registry2 CA
|
|
-----BEGIN CERTIFICATE-----
|
|
-----END CERTIFICATE-----
|
|
|
|
// Registry3 CA
|
|
-----BEGIN CERTIFICATE-----
|
|
-----END CERTIFICATE-----
|
|
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: user-ca-bundle
|
|
namespace: <hosted_cluster_namespace> <1>
|
|
----
|
|
+
|
|
<1> Specify the namespace where the `HostedCluster` object is created. |