According to the k3s documentation for configuring a private registry, I would need to have a config file similar to this on every node:
mirrors:
  docker.io:
    endpoint:
      - "https://mycustomreg.com:5000"
configs:
  "mycustomreg:5000":
    tls:
      cert_file: # path to the cert file used in the registry
      key_file: # path to the key file used in the registry
      ca_file: # path to the ca file used in the registry
Am I not understanding something about TLS or the documentation? Why does the client need the private key file to authenticate the registry that is being connected to?
I thought the client encrypted the handshake data with the public key from the certificate and that can be decrypted only with the private key on the server.
So why do k3s nodes need the private key file? To authenticate the node as well? Can the private key not be given?
Thanks for your time.
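
Added example, not part of the original post or the k3s documentation: two variants of the registry configuration from the question, separating what a node needs to verify the registry (`ca_file` only) from what it needs to authenticate itself to a registry that requires client certificates (`cert_file` and `key_file`, which are the node's own client credentials). All file paths are placeholders, and the `configs` key is written to match the endpoint host.

```yaml
# Each variant is a complete, separate /etc/rancher/k3s/registries.yaml.

# Variant A: server authentication only.
# The node checks the registry's certificate chain against ca_file.
# No private key is stored on the node.
mirrors:
  docker.io:
    endpoint:
      - "https://mycustomreg.com:5000"
configs:
  "mycustomreg.com:5000":        # must match the host:port of the endpoint
    tls:
      ca_file: /path/to/registry-ca.crt     # placeholder: CA that signed the registry's server cert
---
# Variant B: mutual TLS.
# Use only when the registry is configured to require client certificates.
# cert_file/key_file identify the node as a TLS client; they are not the
# registry's server certificate and private key, which stay on the registry.
mirrors:
  docker.io:
    endpoint:
      - "https://mycustomreg.com:5000"
configs:
  "mycustomreg.com:5000":
    tls:
      ca_file: /path/to/registry-ca.crt     # placeholder: verifies the registry
      cert_file: /path/to/node-client.crt   # placeholder: client cert issued to this node
      key_file: /path/to/node-client.key    # placeholder: private key for that client cert
```

If client certificates are used, issue a distinct key pair per node or node group and restrict `key_file` to root-only read access, so that a compromised node does not expose credentials shared with the registry or other nodes.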