Add a Local Image Registry for Tanzu Mission Control Using the API

You can create a local image registry with the Tanzu Mission Control CredentialResource API.

Prerequisites

Make sure you have the appropriate permissions to add local image registries.

To add local image registries you must be associated with the Tanzu Mission Control role cluster.admin role.

The following are the input parameters required for creating the local image registry:

Registry configuration
- The registry configuration RegistryURL, AccessID and AccessSecret is encoded and stored as dockerconfigjson in the resource spec.
Registry Namespace

Procedure

The following is an example payload to create an unauthenticated local image registry:

{
    "credential": {
        "fullName": {
            "name": "test-registry"
    },
    "meta": {
        "annotations": {   
        "registry-namespace": "test-ns"
        }
    },
    "spec": {
        "capability": "IMAGE_REGISTRY",
        "data": {
            "keyValue": {
                "data": {
                    "registry-url": "aHR0cDovL215cmVnaXN0cnkuaW8=",
                        ca-cert":
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRT3l2YmhoaUFiVDhYRG
ZVSjJ2aWp5VEFOQmdrcWhraUc5dzBCQVF....."
            }
        }
    },    
    "meta": {
        "provider": "GENERIC_KEY_VALUE"
        }    
    },
    "type": {
        "kind": "Credential",
        "package": "vmware.tanzu.manage.v1alpha1.account.credential",
        "version": "v1alpha1"
        }    
    }
}

The following is an example payload to create an authenticated local image registry:


{
    "credential": {
    "fullName": {
        "name": "test-registry"
    },
    "meta": {
        "annotations": {
            "registry-namespace": "test-ns"
        }
    },
    "spec": {
        "capability": "IMAGE_REGISTRY",
            "data": {
                "keyValue": {
                    "data": {
                        ".dockerconfigjson":
"eyJhdXRocyI6eyJodHRwOi8vbXlyZWdpc3RyeS5pbyI6eyJ1c2VybmFtZSI6ImRlbW91c2VyIiwicGFzc3
dvcmQiOiJkZW1vcGFzc3dvcmQiLCJhdXRoIjoiWkdWdGIzVnpaWEk2WkdWdGIzQmhjM04zYjNKayJ9fX0="
, // base64 encode value of the dockerconfigjson structb value or converting its
json output to []bytes
                        "ca-cert":
"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRT3l2YmhoaUFiVDhYRG
ZVSjJ2aWp5VEFOQmdrcWhraUc5dzBCQVF....."
                    },
                    "type": "DOCKERCONFIGJSON_SECRET_TYPE"
                }        
        },    
        "meta": {
            "provider": "GENERIC_KEY_VALUE"    
            }
        },
        "type": {
            "kind": "Credential",
            "package": "vmware.tanzu.manage.v1alpha1.account.credential",
            "version": "v1alpha1"
        }
    }
}

Note:

Note that the dockerconfigjson contains the registry configuration in the following format:


{
    "auths": {
        "myregistry.io": {   
            "auth": "ZGVtb3VzZXI6ZGVtb3Bhc3N3b3Jk",
            "password": "demopassword",
            "username": "demouser"    
        }
    }
}