```yaml
apiVersion: v1alpha1
kind: RegistryTLSConfig
name: my-private-registry.local:5000 # Registry endpoint to apply the TLS configuration to.
ca: |- # CA registry certificate to add to the list of trusted certificates.
    -----BEGIN CERTIFICATE-----
    MIID...IDAQAB
    -----END CERTIFICATE-----

# # Enable mutual TLS authentication with the registry.
# clientIdentity:
#     cert: |-
#         -----BEGIN CERTIFICATE-----
#         MIID...IDAQAB
#         -----END CERTIFICATE-----
#     key: |-
#         -----BEGIN PRIVATE KEY-----
#         MIIE...AB
#         -----END PRIVATE KEY-----
```

| Field | Type | Description | Value(s) |
|-------|------|-------------|----------|
| `name` | string | Registry endpoint to apply the TLS configuration to. Registry endpoint is the hostname part of the endpoint URL, e.g. ‘my-mirror.local:5000’ for ‘https://my-mirror.local:5000/v2/’. The TLS configuration makes sense only for HTTPS endpoints. The TLS configuration will apply to all image pulls for this registry endpoint, by Talos or any Kubernetes workloads. | |
| `clientIdentity` | CertificateAndKey | Enable mutual TLS authentication with the registry. Client certificate and key should be PEM-encoded. | |
| `ca` | string | CA registry certificate to add to the list of trusted certificates. Certificate should be PEM-encoded. | |
| `insecureSkipVerify` | bool | Skip TLS server certificate verification (not recommended). | |
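
An added example, not part of the Talos documentation or code: a small pre-apply lint for the fields described above, assuming the document has already been parsed into a dict (for instance by a YAML library). The function names and finding strings are hypothetical, the sample documents are constructed, and the PEM check looks only at the markers.

```python
from urllib.parse import urlsplit

CERT_MARKS = ("-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----")


def endpoint_name(url):
    """Derive the `name` value (host[:port]) from a registry endpoint URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{url!r}: expected an https:// endpoint URL")
    return parts.netloc.rpartition("@")[2]  # drop any userinfo prefix


def is_pem_cert(text):
    """Shape check only: PEM markers present, contents are not parsed."""
    body = (text or "").strip()
    return body.startswith(CERT_MARKS[0]) and body.endswith(CERT_MARKS[1])


def lint_registry_tls(doc):
    """Return findings for one already-parsed RegistryTLSConfig document."""
    findings = []
    name = doc.get("name", "")
    if not name:
        findings.append("name: missing registry endpoint")
    elif "://" in name or "/" in name:
        findings.append("name: must be host[:port], not a URL")
    if doc.get("insecureSkipVerify") is True:
        findings.append("insecureSkipVerify: server certificate is not verified")
    if "ca" in doc and not is_pem_cert(doc["ca"]):
        findings.append("ca: not a PEM-encoded certificate")
    ident = doc.get("clientIdentity")
    if ident is not None:
        if not is_pem_cert(ident.get("cert")):
            findings.append("clientIdentity.cert: not a PEM-encoded certificate")
        key = (ident.get("key") or "").strip()
        if not (key.startswith("-----BEGIN ") and "PRIVATE KEY-----" in key):
            findings.append("clientIdentity.key: not a PEM-encoded private key")
    return findings


# Constructed sample documents; the certificate body is a placeholder.
CERT = "-----BEGIN CERTIFICATE-----\nMIID...\n-----END CERTIFICATE-----"
GOOD = {"kind": "RegistryTLSConfig", "name": "my-private-registry.local:5000", "ca": CERT}
BAD = {"kind": "RegistryTLSConfig", "name": "https://my-mirror.local:5000/v2/",
       "insecureSkipVerify": True, "clientIdentity": {"cert": CERT}}
if __name__ == "__main__":
    for d in (GOOD, BAD):
        print(d["name"], lint_registry_tls(d) or "ok")
```

`endpoint_name` gives the value to put in `name` when starting from a mirror URL; it rejects plain HTTP endpoints, where this TLS configuration has no effect.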