External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-16 18:50:08 -03:30
Code Issues Packages Projects Releases Wiki Activity

Fix containerd config_path mirrors and remove nerdctl insecure_registry (#10196)

Browse Source 
* Fix containerd_registries in config_path for mirrors and remove nerdctl global insecure_registry setting

* Make containerd hosts.toml mode 0640

* Add containerd_registries_mirrors and keep containerd_registries to pass packet_debian11-calico-upgrade
This commit is contained in:
yun
2023-08-16 20:18:27 +08:00
committed by GitHub
parent 4c37399c75
commit 77bda0df1c
13 changed files with 109 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
roles/container-engine/containerd/templates/config.toml.j2
View File

@@ -51,18 +51,18 @@ oom_score = {{ containerd_oom_score }}
config_path = "{{ containerd_cfg_dir }}/certs.d"
{% else %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
{% for registry, addr in containerd_registries.items() %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
{% set insecure_registries_addr = [] %}
{% for registry in containerd_registries_mirrors %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry.prefix }}"]
{% set endpoint = [] %}
{% for mirror in registry.mirrors %}
{% if endpoint.append(mirror.host) %}{% endif %}
{% if mirror.skip_verify is defined and mirror.skip_verify|bool %}{% if insecure_registries_addr.append(mirror.host | urlsplit('netloc')) %}{% endif %}{% endif %}
{% endfor %}
{% if containerd_insecure_registries is defined and containerd_insecure_registries|length>0 %}
{% for registry, addr in containerd_insecure_registries.items() %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
endpoint = ["{{ ( endpoint | unique ) | join('","') }}"]
{% endfor %}
{% endif %}
{% for addr in containerd_insecure_registries.values() | flatten | unique %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr | urlsplit('netloc') }}".tls]
{% for addr in insecure_registries_addr | unique %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
insecure_skip_verify = true
{% endfor %}
{% endif %}

8
roles/container-engine/containerd/templates/hosts.toml.j2 Normal file
View File

@@ -0,0 +1,8 @@
server = "https://{{ item.prefix }}"
{% for mirror in item.mirrors %}
[host."{{ mirror.host }}"]
capabilities = ["{{ ([ mirror.capabilities ] | flatten ) | join('","') }}"]
{% if mirror.skip_verify is defined %}
skip_verify = {{ mirror.skip_verify | default('false') | string | lower }}
{% endif %}
{% endfor %}