mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
35 lines
1.1 KiB
Plaintext
35 lines
1.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * builds/setting-up-trusted-ca
|
|
|
|
[id="configmap-adding-ca_{context}"]
|
|
= Adding certifying authorities to a ConfigMap
|
|
|
|
You can add certifying authorities (CAs) to a ConfigMap with the following
|
|
procedure.
|
|
|
|
.Prerequisites
|
|
|
|
* You must have cluster administrator privileges.
|
|
* You must have access to the registry's public certificates, usually a
|
|
`hostname/ca.crt` file located in the `/etc/docker/certs.d/` directory.
|
|
|
|
.Procedure
|
|
|
|
. Create a ConfigMap in the `openshift-config` namespace containing the trusted
|
|
certificates for the registries that use self-signed certificates. For each
|
|
CA file, ensure the key in the ConfigMap is the registry's
|
|
hostname in the `hostname[..port]` format:
|
|
+
|
|
----
|
|
$ oc create configmap registry-cas -n openshift-config \
|
|
--from-file=myregistry.corp.com..5000=/etc/docker/certs.d/myregistry.corp.com:5000/ca.crt \
|
|
--from-file=otherregistry.com=/etc/docker/certs.d/otherregistry.com/ca.crt
|
|
----
|
|
|
|
. Update the cluster image figuration:
|
|
+
|
|
----
|
|
$ oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}' --type=merge
|
|
----
|