Comment 1 for bug 1879347

Adam Dyess (addyess) wrote :

Working with @kwmonroe yesterday, we downloaded crictl to tmp and were able to use it to pull images once we got the config correct:

# list images
/tmp/crictl -r unix:///run/containerd/containerd.sock images

# delete images
/tmp/crictl -r unix:///run/containerd/containerd.sock rmi my.custom.registry/busybox:latest

# pull images
/tmp/crictl -r unix:///run/containerd/containerd.sock pull my.custom.registry/busybox:latest

With these tools we were able to determine the appropriate config necessary for a custom_registry that was using a self-signed cert.

I can use the charm's current config

juju config containerd \
custom_registries='[{"url": "my.custom.registry", "username": "*****", "password": "********"}]'

to create MOST of the config, but what I can't specify is the ca_file.

I am proposing a new config option like this:
juju config containerd \
custom_registries='[{"url": "my.custom.registry", "username": "*****", "password": "********",
"ca_file": "'$(base64 -w0 < my.custom.registry.pem)'"}]'

so that the charm does this:
      [plugins.cri.registry.configs]
        [plugins.cri.registry.configs."my.custom.registry".tls]
          ca_file = "/etc/containerd/my.custom.registry.pem"

and creates a file on the filesystem, /etc/containerd/my.custom.registry.pem,
  with the value of base64.b64decode(ca_file_config)
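
The handling proposed in the comment above, sketched as an added example that is not part of the original comment or the charm's code: it decodes the base64 `ca_file` strictly, checks that the result looks like a PEM certificate, derives the file name only from a validated host, and renders the TOML shown. The function names, the host pattern, the file mode and the sample certificate are assumptions made for illustration.

```python
import base64
import json
import re
from pathlib import Path

CERT_DIR = Path("/etc/containerd")  # directory named in the comment
# Assumption: "url" is a bare host[:port], optionally prefixed with a scheme.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d+)?")
# Constructed placeholder, not a real certificate.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"


def registry_host(url):
    """Strip the scheme and refuse anything that could escape CERT_DIR."""
    host = re.sub(r"^https?://", "", url)
    if not HOST_RE.fullmatch(host):
        raise ValueError(f"unsafe registry url: {url!r}")
    return host


def decode_ca(b64_value):
    """Strictly decode the option value and require PEM certificate markers."""
    try:
        pem = base64.b64decode(b64_value, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("ca_file is not valid base64") from exc
    if not (pem.lstrip().startswith(b"-----BEGIN CERTIFICATE-----")
            and b"-----END CERTIFICATE-----" in pem):
        raise ValueError("ca_file does not decode to a PEM certificate")
    return pem


def render(custom_registries, cert_dir=CERT_DIR):
    """Return (toml_text, {path: pem_bytes}) for entries that carry ca_file."""
    lines, files = ["[plugins.cri.registry.configs]"], {}
    for reg in json.loads(custom_registries):
        if "ca_file" not in reg:
            continue
        host = registry_host(reg["url"])
        path = Path(cert_dir) / f"{host.replace(':', '_')}.pem"
        files[path] = decode_ca(reg["ca_file"])
        lines.append(f'  [plugins.cri.registry.configs."{host}".tls]')
        lines.append(f'    ca_file = "{path}"')
    return "\n".join(lines), files


def write_files(files):
    """Write the decoded certificates; a CA certificate is public, so 0644."""
    for path, pem in files.items():
        path.write_bytes(pem)
        path.chmod(0o644)
```

Rejecting a malformed value at config time keeps a bad certificate from reaching containerd's config, where it would only surface later as a failed image pull.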