Hi,
I have found how to do it. May be there is a better way, but this one works on my box.
1/ You have to edit containerd-template.toml. Follow the doc explanation, it is ok, no problem. Just add the registry such as
[plugins.cri.registry.mirrors.""]
endpoint = [“https://”]
[plugins.cri.registry.configs."".tls]
ca_file = “/etc/ssl/certs/domain.crt”
2/ What is the difference between the 2 files, I don’t know. Can somebody explain ?
3/ May be the self-signed certificate acts as a CA cert, anyway it’s taken as-is to validate the ssl connection
4/ This is VERY IMPORTANT : put the self-sign certificate in the /etc/ssl/certs directory. I suppose Kubernetes or the underling libraries check implicitely in this directory. I have not managed to get it working if the certificate is not in this directory.
5/ ca.crt naming is not mandatory, you can name it as you want
Restart microk8s with stop and start
HTH
GB