From f7546791cc0d6f3749fd48da4f0eb66b01842e96 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Wed, 16 Jul 2025 16:05:19 -0500
Subject: [PATCH] kubelet: Fix CA cert for Docker Hub proxy

The man page for _containers-certs.d(5)_ says that subdirectories of
`/etc/containers/certs.d` should be named `host:port`, however, this is
a bit misleading.  It seems instead, the directory name must match the
name of the registry server as specified, so in the case of a server
that supports HTTPS on port 443, where the port would be omitted from
the image name, it must also be omitted from the `certs.d` subdirectory
name.
---
 group_vars/kubelet.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/group_vars/kubelet.yml b/group_vars/kubelet.yml
index d3a3ef3..c65a79c 100644
--- a/group_vars/kubelet.yml
+++ b/group_vars/kubelet.yml
@@ -18,6 +18,6 @@ container_registries:
   prefix: docker.io
 
 container_registry_certs:
-  docker-hub.proxy.pyrocufflink.blue:443:
+  docker-hub.proxy.pyrocufflink.blue:
     ca: >-
       {{ lookup('file', 'dch-root-ca-r2.crt') }}