edit

Using Docker Registries

This topic describes how to use Docker registries with Cloud Foundry Container Runtime (CFCR).

Use Private Docker Registries

To use a private Docker registry with CFCR, you must add the registry CA certificate to the BOSH Director manifest and redeploy the BOSH Director. Then the BOSH Director will store the certificate in every Kubernetes node it provisions.

  1. Access your CFCR environment. This is the environment that contains the KUBO_ENV directory with your CFCR configuration. For more information, see the Step 1: Access Your CFCR Environment section of the Deploying CFCR topic.
  2. Open the director.yml file. This is the BOSH Director manifest.
  3. Under properties.director.trusted_certs, add the registry CA certificate.

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    properties:
      director:
        trusted_certs: |
        # Private Docker registry CA certificate
        -----BEGIN CERTIFICATE-----
        MIICsjCCAhugAwIBAgIJAMcyGWdRwnFlMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV
        BAYTAkFVMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
        ...
        ItuuqKphqhSb6PEcFMzuVpTbN09ko54cHYIIULrSj3lEkoY9KJ1ONzxKjeGMHrOP
        KS+vQr1+OCpxozj1qdBzvHgCS0DrtA==
        -----END CERTIFICATE-----
    

    For more information about configuring trusted certificates in BOSH, see the BOSH documentation.

  4. Redeploy the BOSH Director by following the procedures specific to your IaaS: