rancherOS cloud-config.yml root CA

I haven’t found a way to set up CA certificates for HTTPS, but you should be able to use the standard method to access a Docker registry with a private CA:

write_files:
- content: |+
    -----BEGIN CERTIFICATE-----
    [CA cert/chain here]
    -----END CERTIFICATE-----
  owner: root
  path: /etc/docker/certs.d/registry.domain.name/ca.crt
  permissions: "0644"

Repeat as necessary for each external repository.