Manually Add the Registry Certificate to a dch-photon Container VM
To manually add the vSphere Integrated Containers CA certificate to dch-photon, you can create a dch-photon container VM, then use docker cp to copy the certificate into it.
NOTE: This method requires you to copy the certificate to every dch-photon container VM that you deploy. To avoid having to copy the certificate every time, the recommended method is to create a custom dch-photon image. For information about creating a custom image, see Add the Registry Certificate to a Custom Image.
- You have a known user ID that has at least the Developer role in the default-project in vSphere Integrated Containers Management Portal.
- You have an instance of Docker Engine running on your local system.
- You installed the CA certificate for vSphere Integrated Containers Registry in your local Docker client. For information about how to install the registry certificate in a Docker client, see Install the vSphere Integrated Containers Registry Certificate.
- For simplicity, this example uses a virtual container host (VCH) that was deployed with the --no-tlsverify option. If your VCH implements TLS verification of clients, you must import the VCH certificates into your Docker client and adapt the Docker commands accordingly. For information about how to connect a Docker client to a VCH that uses full TLS authentication, see Connecting to the VCH in Configure the Docker Client for Use with vSphere Integrated Containers.
Create a dch-photon container VM named build-slave in a VCH, but do not start it.
The container should be stopped because the Docker Engine instance that it runs must restart to recognize the new certificate after you have copied it to the container. If you have already deployed it, use docker stop to stop it.
This example runs dch-photon behind a port mapping.
docker -H vch_address:2376 --tls create --name build-slave -p 12375:2375 registry_address/default-project/dch-photon:1.13-cert
Create the required folder structure on your local machine.
Docker Engine stores registry certificates in a folder named
mkdir -p certs.d/registry_address
Copy the certificate into the new folder.
cp path_to_cert/ca.crt certs.d/registry_address
Use docker cp to copy the certificate from your local system into the dch-photon container VM that is running in the VCH.
docker -H vch_address:2376 --tls cp certs.d build-slave:/etc/docker
Restart the Docker container host to load the certificate.
docker -H vch_address:2376 --tls start build-slave
You have a running Docker container host that you configured to push and pull from vSphere Integrated Containers Registry.
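The staging and copy steps above, as an added shell example that is not part of the original documentation. The function names are hypothetical, and the script assumes that registry_address is given as a real FQDN or IP address (optionally with a port), so that the folder under certs.d matches the registry part of the image reference exactly.

```shell
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.

# Print the registry host[:port] of an image reference, using Docker's rule:
# the first path component names a registry only if it contains "." or ":"
# or is "localhost". Fails for references that imply Docker Hub.
registry_of() {
  local ref="$1" first="${1%%/*}"
  [ "$first" != "$ref" ] || return 1            # no "/" in the reference
  case "$first" in
    *.*|*:*|localhost) printf '%s\n' "$first" ;;
    *) return 1 ;;
  esac
}

# Stage CERT as certs.d/<registry>/ca.crt under ROOT (default: current dir).
# Docker Engine trusts *.crt files in that folder as CA roots for the registry,
# so the folder name must equal the registry part of the image reference.
stage_registry_cert() {
  local cert="$1" ref="$2" root="${3:-.}" reg dir
  grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || {
    echo "not a PEM certificate: $cert" >&2; return 1; }
  reg="$(registry_of "$ref")" || {
    echo "no registry host in image reference: $ref" >&2; return 1; }
  dir="$root/certs.d/$reg"
  mkdir -p "$dir" && cp "$cert" "$dir/ca.crt" && printf '%s\n' "$dir/ca.crt"
}

# Copy the staged tree into the stopped container VM, then start it
# (the same docker cp and docker start commands as in the procedure).
install_into_dch() {
  local vch="$1" name="$2" root="${3:-.}"
  docker -H "$vch:2376" --tls cp "$root/certs.d" "$name:/etc/docker" &&
    docker -H "$vch:2376" --tls start "$name"
}
```

Call stage_registry_cert with the certificate path and the same image reference that you pass to docker create, then install_into_dch with the VCH address and the container name.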
What to Do Next
To test the Docker container host, see Build, Push, and Pull an Image with