Use of a local image registry requires different considerations and configurations than when using the standard Tanzu Mission Control SaaS registry.

Toggle Local Image Registry

You can toggle support for local image registry and add local image registries when attaching a cluster to Tanzu Mission Control.

Supporting Self-Signed Registries on Tanzu Kubernetes Grid Clusters

For image registries using self-signed certificates, the cluster should be trusting the registry’s certificate. A Tanzu Kubernetes Grid cluster can be provisioned by passing the configuration TKG_CUSTOM_IMAGE_REPOSITORY_CA_CERTIFICATE with the registry's certificate, which then gets injected into the cluster. Tanzu Kubernetes Grid limits management clusters and workload clusters to using the same registry for pulling Tanzu Kubernetes Grid related images.

Due to the known issue above in Tanzu Kubernetes Grid, to support the local image registry with CA certs scenarios in Tanzu Kubernetes Grid 1.6.1, you must make sure Tanzu Kubernetes Grid is pulling its own images from the same registry as the Tanzu Mission Control local image registry defined, not from the default registry.

You can bring up a management cluster using the local image registry by following the instructions given in Prepare an Internet-Restricted Environment.

For information on how to pull and push images from a public registry to the local registry, see Copy Images into an Airgapped Environment.

Register the management cluster as described in Complete the Registration of a Management Cluster.