diff --git a/modules/machineconfig-modify-registry.adoc b/modules/machineconfig-modify-registry.adoc index 854c620284e2..90748063c3ef 100644 --- a/modules/machineconfig-modify-registry.adoc +++ b/modules/machineconfig-modify-registry.adoc @@ -7,7 +7,7 @@ Settings that define the registries that {product-title} uses to get container images are held in the `/etc/containers/registries.conf` file by default. In that file, you can set registries to not require authentication (insecure), point to mirrored registries, or set which registries are searched for unqualified container image requests. -Rather than change `registries.conf` directly, you can drop configuration files into the `/etc/containers/registries.d` directory that are then automatically appended to the system's existing `registries.conf` settings. +Rather than change `registries.conf` directly, you can drop configuration files into the `/etc/containers/registries.conf.d` directory that are then automatically appended to the system's existing `registries.conf` settings. This procedure describes how to create a `registries.d` file (`/etc/containers/registries.s/99-worker-unqualified-search-registries.conf`) that adds `quay.io` as an unqualified search registry (one that {product-title} can search when it tries to pull an image name that does not include the registry name). It includes base64-encoded content that you can examine as follows: @@ -25,7 +25,7 @@ See the `containers-registries.conf` man page for the format for the `registries .Procedure -. Create a YAML file (`myregistry.yaml`) to hold the contents of the `/etc/containers/registries.d/99-worker-unqualified-search-registries.conf` file, including the encoded base64 contents for that file. For example: +. Create a YAML file (`myregistry.yaml`) to hold the contents of the `/etc/containers/registries.conf.d/99-worker-unqualified-search-registries.conf` file, including the encoded base64 contents for that file. For example: + [source,terminal] ---- @@ -46,7 +46,7 @@ spec: source: data:text/plain;charset=utf-8;base64,dW5xdWFsaWZpZWQtc2VhcmNoLXJlZ2lzdHJpZXMgPSBbJ3JlZ2lzdHJ5LmFjY2Vzcy5yZWRoYXQuY29tJywgJ2RvY2tlci5pbycsICdxdWF5LmlvJ10K filesystem: root mode: 0420 - path: /etc/containers/registries.d/99-worker-unqualified-search-registries.conf + path: /etc/containers/registries.conf.d/99-worker-unqualified-search-registries.conf EOF ---- @@ -102,7 +102,7 @@ Starting pod/ip-10-0-141-142us-east-2computeinternal-debug ... [source,terminal] ---- sh-4.2# chroot /host -sh-4.4# cat /etc/containers/registries.d/99-worker-unqualified-search-registries.conf +sh-4.4# cat /etc/containers/registries.conf.d/99-worker-unqualified-search-registries.conf unqualified-search-registries = ['registry.access.redhat.com', 'docker.io', 'quay.io'] sh-4.4# exit ---- diff --git a/modules/security-deploy-signature.adoc b/modules/security-deploy-signature.adoc index 12b8128ceb8c..fb27fe47bb19 100644 --- a/modules/security-deploy-signature.adoc +++ b/modules/security-deploy-signature.adoc @@ -20,7 +20,7 @@ configuration is required. Signatures that use the `docker` transport type are served by local file or web server. These signatures are more flexible; you can serve images from any container image registry and use an independent server to deliver binary -signatures. +signatures. However, the `docker` transport type requires additional configuration. You must configure the nodes with the URI of the signature server by placing @@ -38,9 +38,9 @@ docker: In this example, the Red Hat Registry, `access.redhat.com`, is the signature server that provides signatures for the `docker` transport type. Its URI is -defined in the `sigstore` parameter. You might name this file +defined in the `sigstore` parameter. You might name this file `/etc/containers/registries.d/redhat.com.yaml` and use the Machine Config Operator to automatically place the file on each node in your cluster. No service restart is required since policy and `registries.d` files are dynamically -loaded by the container runtime. +loaded by the container runtime.