diff --git a/README.md b/README.md index a6f479f99ad..3994c1552a9 100644 --- a/README.md +++ b/README.md @@ -408,7 +408,7 @@ These settings can be changed at any time. #### Container image registry settings -The following setting is optional and allows you to configure image registry mirrors and pull-through caches for your orchestrated containers. +The following setting is optional and allows you to configure image registry mirrors and pull-through caches for your containers. * `settings.container-registry.mirrors`: A mapping of container image registry to a list of image registry URL endpoints. When pulling an image from a registry, the container runtime will try the endpoints one by one and use the first working one. (Docker and containerd will still try the default registry URL if the mirrors fail.) * Example user data for setting up image registry mirrors: @@ -419,6 +419,8 @@ The following setting is optional and allows you to configure image registry mir ``` If you use a Bottlerocket variant that uses Docker as the container runtime, like `aws-ecs-1`, you should be aware that Docker only supports pull-through caches for images from Docker Hub (docker.io). Mirrors for other registries are ignored in this case. +For [host-container](#host-containers-settings) and [bootstrap-container](#bootstrap-containers-settings) images from Amazon ECR private repositories, registry mirrors are currently unsupported. + #### Updates settings * `settings.updates.metadata-base-url`: The common portion of all URIs used to download update metadata. diff --git a/packages/kubernetes-1.17/kubelet.service b/packages/kubernetes-1.17/kubelet.service index d9716943d78..57769db0f27 100644 --- a/packages/kubernetes-1.17/kubelet.service +++ b/packages/kubernetes-1.17/kubelet.service @@ -15,7 +15,8 @@ ExecStartPre=/usr/bin/host-ctr \ --containerd-socket=/run/dockershim.sock \ --namespace=k8s.io \ pull-image \ - --source=${POD_INFRA_CONTAINER_IMAGE} + --source=${POD_INFRA_CONTAINER_IMAGE} \ + --registry-config=/etc/host-containers/host-ctr-registry.config # Must be overridden by a drop-in file or `kubelet` won't start ExecStart=/usr/bin/false diff --git a/packages/kubernetes-1.18/kubelet.service b/packages/kubernetes-1.18/kubelet.service index d9716943d78..57769db0f27 100644 --- a/packages/kubernetes-1.18/kubelet.service +++ b/packages/kubernetes-1.18/kubelet.service @@ -15,7 +15,8 @@ ExecStartPre=/usr/bin/host-ctr \ --containerd-socket=/run/dockershim.sock \ --namespace=k8s.io \ pull-image \ - --source=${POD_INFRA_CONTAINER_IMAGE} + --source=${POD_INFRA_CONTAINER_IMAGE} \ + --registry-config=/etc/host-containers/host-ctr-registry.config # Must be overridden by a drop-in file or `kubelet` won't start ExecStart=/usr/bin/false diff --git a/packages/kubernetes-1.19/kubelet.service b/packages/kubernetes-1.19/kubelet.service index d9716943d78..57769db0f27 100644 --- a/packages/kubernetes-1.19/kubelet.service +++ b/packages/kubernetes-1.19/kubelet.service @@ -15,7 +15,8 @@ ExecStartPre=/usr/bin/host-ctr \ --containerd-socket=/run/dockershim.sock \ --namespace=k8s.io \ pull-image \ - --source=${POD_INFRA_CONTAINER_IMAGE} + --source=${POD_INFRA_CONTAINER_IMAGE} \ + --registry-config=/etc/host-containers/host-ctr-registry.config # Must be overridden by a drop-in file or `kubelet` won't start ExecStart=/usr/bin/false diff --git a/packages/kubernetes-1.20/kubelet.service b/packages/kubernetes-1.20/kubelet.service index d9716943d78..57769db0f27 100644 --- a/packages/kubernetes-1.20/kubelet.service +++ b/packages/kubernetes-1.20/kubelet.service @@ -15,7 +15,8 @@ ExecStartPre=/usr/bin/host-ctr \ --containerd-socket=/run/dockershim.sock \ --namespace=k8s.io \ pull-image \ - --source=${POD_INFRA_CONTAINER_IMAGE} + --source=${POD_INFRA_CONTAINER_IMAGE} \ + --registry-config=/etc/host-containers/host-ctr-registry.config # Must be overridden by a drop-in file or `kubelet` won't start ExecStart=/usr/bin/false diff --git a/packages/kubernetes-1.21/kubelet.service b/packages/kubernetes-1.21/kubelet.service index d9716943d78..57769db0f27 100644 --- a/packages/kubernetes-1.21/kubelet.service +++ b/packages/kubernetes-1.21/kubelet.service @@ -15,7 +15,8 @@ ExecStartPre=/usr/bin/host-ctr \ --containerd-socket=/run/dockershim.sock \ --namespace=k8s.io \ pull-image \ - --source=${POD_INFRA_CONTAINER_IMAGE} + --source=${POD_INFRA_CONTAINER_IMAGE} \ + --registry-config=/etc/host-containers/host-ctr-registry.config # Must be overridden by a drop-in file or `kubelet` won't start ExecStart=/usr/bin/false diff --git a/packages/os/bootstrap-containers@.service b/packages/os/bootstrap-containers@.service index 7e35eaf01dd..5610d71296c 100644 --- a/packages/os/bootstrap-containers@.service +++ b/packages/os/bootstrap-containers@.service @@ -20,7 +20,8 @@ ExecStart=/usr/bin/touch /run/bootstrap-containers/%i.ran ExecStart=/usr/bin/host-ctr run \ --container-id='%i' \ --source='${CTR_SOURCE}' \ - --container-type='bootstrap' + --container-type='bootstrap' \ + --registry-config=/etc/host-containers/host-ctr-registry.config ExecStartPost=/usr/bin/bootstrap-containers mark-bootstrap \ --container-id '%i' \ --mode '${CTR_MODE}' diff --git a/packages/os/host-containers@.service b/packages/os/host-containers@.service index 57c50a9ef5d..dfda08e3f11 100644 --- a/packages/os/host-containers@.service +++ b/packages/os/host-containers@.service @@ -11,7 +11,8 @@ Environment=LOCAL_DIR=/local ExecStart=/usr/bin/host-ctr run \ --container-id='%i' \ --source='${CTR_SOURCE}' \ - --superpowered='${CTR_SUPERPOWERED}' + --superpowered='${CTR_SUPERPOWERED}' \ + --registry-config=/etc/host-containers/host-ctr-registry.config Restart=always RestartSec=45 TimeoutStopSec=60 diff --git a/packages/os/host-ctr-registry-config b/packages/os/host-ctr-registry-config new file mode 100644 index 00000000000..1bec066ee89 --- /dev/null +++ b/packages/os/host-ctr-registry-config @@ -0,0 +1,6 @@ +{{~#if settings.container-registry.mirrors}} +{{~#each settings.container-registry.mirrors}} +[mirrors."{{@key}}"] +endpoints = [{{join_array ", " this }}] +{{~/each}} +{{~/if}} diff --git a/packages/os/os.spec b/packages/os/os.spec index 830ba12020b..f9c52fca757 100644 --- a/packages/os/os.spec +++ b/packages/os/os.spec @@ -23,6 +23,7 @@ Source3: eni-max-pods Source5: updog-toml Source6: metricdog-toml +Source7: host-ctr-registry-config # 1xx sources: systemd units Source100: apiserver.service @@ -388,7 +389,7 @@ install -d %{buildroot}%{_cross_datadir}/updog install -p -m 0644 %{_cross_repo_root_json} %{buildroot}%{_cross_datadir}/updog install -d %{buildroot}%{_cross_templatedir} -install -p -m 0644 %{S:5} %{S:6} %{buildroot}%{_cross_templatedir} +install -p -m 0644 %{S:5} %{S:6} %{S:7} %{buildroot}%{_cross_templatedir} install -d %{buildroot}%{_cross_unitdir} install -p -m 0644 \ @@ -458,6 +459,8 @@ install -p -m 0644 %{S:300} %{buildroot}%{_cross_udevrulesdir}/80-ephemeral-stor %{_cross_bindir}/host-containers %{_cross_unitdir}/host-containers@.service %{_cross_tmpfilesdir}/host-containers.conf +%dir %{_cross_templatedir} +%{_cross_templatedir}/host-ctr-registry-config %files -n %{_cross_os}storewolf %{_cross_bindir}/storewolf diff --git a/sources/host-ctr/cmd/host-ctr/main.go b/sources/host-ctr/cmd/host-ctr/main.go index c74dfe968f0..b7bb46adac4 100644 --- a/sources/host-ctr/cmd/host-ctr/main.go +++ b/sources/host-ctr/cmd/host-ctr/main.go @@ -6,6 +6,7 @@ import ( "fmt" "io/ioutil" "math/rand" + "net/url" "os" "os/signal" "regexp" @@ -66,6 +67,7 @@ func App() *cli.App { containerdSocket string namespace string superpowered bool + registryConfig string cType string ) @@ -115,6 +117,11 @@ func App() *cli.App { Destination: &superpowered, Value: false, }, + &cli.StringFlag{ + Name: "registry-config", + Usage: "path to image registry configuration", + Destination: ®istryConfig, + }, &cli.StringFlag{ Name: "container-type", Usage: "specifies one of: [host, bootstrap]", @@ -123,7 +130,7 @@ func App() *cli.App { }, }, Action: func(c *cli.Context) error { - return runCtr(containerdSocket, namespace, containerID, source, superpowered, containerType(cType)) + return runCtr(containerdSocket, namespace, containerID, source, superpowered, registryConfig, containerType(cType)) }, }, { @@ -137,9 +144,14 @@ func App() *cli.App { Destination: &source, Required: true, }, + &cli.StringFlag{ + Name: "registry-config", + Usage: "path to image registry configuration", + Destination: ®istryConfig, + }, }, Action: func(c *cli.Context) error { - return pullImageOnly(containerdSocket, namespace, source) + return pullImageOnly(containerdSocket, namespace, source, registryConfig) }, }, { @@ -204,7 +216,7 @@ func (ct containerType) Prefix() string { return "" } -func runCtr(containerdSocket string, namespace string, containerID string, source string, superpowered bool, cType containerType) error { +func runCtr(containerdSocket string, namespace string, containerID string, source string, superpowered bool, registryConfigPath string, cType containerType) error { // Check if the containerType provided is valid if !cType.IsValid() { return errors.New("Invalid container type") @@ -241,12 +253,12 @@ func runCtr(containerdSocket string, namespace string, containerID string, sourc isECRImage := ecrRegex.MatchString(source) var img containerd.Image if isECRImage { - img, err = pullECRImage(ctx, source, client) + img, err = pullECRImage(ctx, source, client, registryConfigPath) if err != nil { return err } } else { - img, err = pullImage(ctx, source, client) + img, err = pullImage(ctx, source, client, registryConfigPath) if err != nil { log.G(ctx).WithField("ref", source).Error(err) return err @@ -457,7 +469,7 @@ func runCtr(containerdSocket string, namespace string, containerID string, sourc } // pullImageOnly pulls the specified container image -func pullImageOnly(containerdSocket string, namespace string, source string) error { +func pullImageOnly(containerdSocket string, namespace string, source string, registryConfigPath string) error { ctx, cancel := context.WithCancel(context.Background()) defer cancel() ctx = namespaces.WithNamespace(ctx, namespace) @@ -472,12 +484,12 @@ func pullImageOnly(containerdSocket string, namespace string, source string) err isECRImage := ecrRegex.MatchString(source) ref := source if isECRImage { - _, err = pullECRImage(ctx, source, client) + _, err = pullECRImage(ctx, source, client, registryConfigPath) if err != nil { return err } } else { - _, err = pullImage(ctx, ref, client) + _, err = pullImage(ctx, ref, client, registryConfigPath) if err != nil { log.G(ctx).WithField("ref", ref).Error(err) return err @@ -540,7 +552,7 @@ func cleanUp(containerdSocket string, namespace string, containerID string) erro } // pullECRImage does some additional conversions before resolving the image reference and pulls the image. -func pullECRImage(ctx context.Context, source string, client *containerd.Client) (containerd.Image, error) { +func pullECRImage(ctx context.Context, source string, client *containerd.Client, registryConfigPath string) (containerd.Image, error) { ref := source ecrRef, err := ecr.ParseImageURI(ref) if err != nil { @@ -554,7 +566,7 @@ func pullECRImage(ctx context.Context, source string, client *containerd.Client) WithField("source", source). Debug("parsed ECR reference from URI") - img, err := pullImage(ctx, ref, client) + img, err := pullImage(ctx, ref, client, registryConfigPath) if err != nil { log.G(ctx).WithField("ref", ref).Error(err) return nil, err @@ -798,7 +810,21 @@ func withProxyEnv() oci.SpecOpts { } // pullImage pulls an image from the specified source. -func pullImage(ctx context.Context, source string, client *containerd.Client) (containerd.Image, error) { +func pullImage(ctx context.Context, source string, client *containerd.Client, registryConfigPath string) (containerd.Image, error) { + // Handle registry config + var registryConfig *RegistryConfig + if registryConfigPath != "" { + var err error + registryConfig, err = NewRegistryConfig(registryConfigPath) + if err != nil { + log.G(ctx). + WithError(err). + WithField("registry-config", registryConfigPath). + Error("failed to read registry config") + return nil, err + } + } + // Pull the image // Retry with exponential backoff when failures occur, maximum retry duration will not exceed 31 seconds const maxRetryAttempts = 5 @@ -812,7 +838,7 @@ func pullImage(ctx context.Context, source string, client *containerd.Client) (c for { var err error img, err = client.Pull(ctx, source, - withDynamicResolver(ctx, source), + withDynamicResolver(ctx, source, registryConfig), containerd.WithSchema1Conversion) if err == nil { log.G(ctx).WithField("img", img.Name()).Info("pulled image successfully") @@ -879,11 +905,22 @@ func tagImage(ctx context.Context, imageName string, newImageName string, client } // withDynamicResolver provides an initialized resolver for use with ref. -func withDynamicResolver(ctx context.Context, ref string) containerd.RemoteOpt { - noOp := func(_ *containerd.Client, _ *containerd.RemoteContext) error { return nil } +func withDynamicResolver(ctx context.Context, ref string, registryConfig *RegistryConfig) containerd.RemoteOpt { + defaultResolver := func(_ *containerd.Client, _ *containerd.RemoteContext) error { return nil } + if registryConfig != nil { + defaultResolver = func(_ *containerd.Client, c *containerd.RemoteContext) error { + resolver := docker.NewResolver(docker.ResolverOptions{ + Hosts: registryHosts(registryConfig, docker.NewDockerAuthorizer()), + }) + c.Resolver = resolver + return nil + } + } switch { - // For ECR registries, we need to use the Amazon ECR resolver + // For private ECR registries, we need to use the Amazon ECR resolver. + // Currently we're unable to support image registry configuration with the ECR resolver. + // FIXME Track upstream `amazon-ecr-containerd-resolver` support for image registry configuration. case strings.HasPrefix(ref, "ecr.aws/"): return func(_ *containerd.Client, c *containerd.RemoteContext) error { // Create the Amazon ECR resolver @@ -905,21 +942,21 @@ func withDynamicResolver(ctx context.Context, ref string) containerd.RemoteOpt { output, err := client.GetAuthorizationToken(&ecrpublic.GetAuthorizationTokenInput{}) if err != nil { log.G(ctx).Warn("ecr-public: failed to get authorization token, falling back to default resolver (unauthenticated pull)") - return noOp + return defaultResolver } if output == nil || output.AuthorizationData == nil { log.G(ctx).Warn("ecr-public: missing AuthorizationData in ECR Public GetAuthorizationToken response, falling back to default resolver (unauthenticated pull)") - return noOp + return defaultResolver } authToken, err := base64.StdEncoding.DecodeString(aws.StringValue(output.AuthorizationData.AuthorizationToken)) if err != nil { log.G(ctx).Warn("ecr-public: unable to decode authorization token, falling back to default resolver (unauthenticated pull)") - return noOp + return defaultResolver } tokens := strings.SplitN(string(authToken), ":", 2) if len(tokens) != 2 { log.G(ctx).Warn("ecr-public: invalid credentials decoded from authorization token, falling back to default resolver (unauthenticated pull)") - return noOp + return defaultResolver } // Use the fetched authorization credentials to resolve the image authOpt := docker.WithAuthCreds(func(host string) (string, string, error) { @@ -931,7 +968,7 @@ func withDynamicResolver(ctx context.Context, ref string) containerd.RemoteOpt { }) authorizer := docker.NewDockerAuthorizer(authOpt) resolverOpt := docker.ResolverOptions{ - Hosts: docker.ConfigureDefaultRegistries(docker.WithAuthorizer(authorizer)), + Hosts: registryHosts(registryConfig, authorizer), } return func(_ *containerd.Client, c *containerd.RemoteContext) error { @@ -942,6 +979,55 @@ func withDynamicResolver(ctx context.Context, ref string) containerd.RemoteOpt { } default: // For all other registries - return noOp + return defaultResolver + } +} + +// registryHosts returns the registry hosts to be used by the resolver. Wraps around _registryHosts. +// Heavily borrowed from containerd CRI plugin's implementation with the auth related configuration omitted. +// See https://github.com/containerd/cri/blob/f6026296a3991010429db91e7e677f9c9d4861ab/pkg/server/image_pull.go#L314-L315 +// FIXME Replace this once there's a public containerd client interface that supports registry mirrors +func registryHosts(registryConfig *RegistryConfig, authorizer docker.Authorizer) docker.RegistryHosts { + return func(host string) ([]docker.RegistryHost, error) { + var ( + registries []docker.RegistryHost + endpoints []string + ) + if _, ok := registryConfig.Mirrors[host]; ok { + endpoints = registryConfig.Mirrors[host].Endpoints + } else { + endpoints = registryConfig.Mirrors["*"].Endpoints + } + defaultHost, err := docker.DefaultHost(host) + if err != nil { + return nil, errors.Wrap(err, "get default host") + } + endpoints = append(endpoints, defaultHost) + + for _, endpoint := range endpoints { + // Prefix the endpoint with an appropriate URL scheme if the endpoint does not have one. + if !strings.Contains(endpoint, "://") { + if endpoint == "localhost" || endpoint == "127.0.0.1" || endpoint == "::1" { + endpoint = "http://" + endpoint + } else { + endpoint = "https://" + endpoint + } + } + url, err := url.Parse(endpoint) + if err != nil { + return nil, errors.Wrapf(err, "parse registry endpoint %q from mirrors", endpoint) + } + if url.Path == "" { + url.Path = "/v2" + } + registries = append(registries, docker.RegistryHost{ + Authorizer: authorizer, + Host: url.Host, + Scheme: url.Scheme, + Path: url.Path, + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }) + } + return registries, nil } } diff --git a/sources/host-ctr/cmd/host-ctr/main_test.go b/sources/host-ctr/cmd/host-ctr/main_test.go new file mode 100644 index 00000000000..b7719edb232 --- /dev/null +++ b/sources/host-ctr/cmd/host-ctr/main_test.go @@ -0,0 +1,161 @@ +package main + +import ( + "github.com/containerd/containerd/remotes/docker" + "github.com/stretchr/testify/assert" + "testing" +) + +// Test RegistryHosts with valid endpoints URLs +func TestRegistryHosts(t *testing.T) { + tests := []struct { + name string + host string + config RegistryConfig + expected []docker.RegistryHost + }{ + { + "HTTP scheme", + "docker.io", + RegistryConfig{ + Mirrors: map[string]Mirror{ + "docker.io": { + Endpoints: []string{"http://198.158.0.0"}, + }, + }, + }, + []docker.RegistryHost{ + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "198.158.0.0", + Scheme: "http", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "registry-1.docker.io", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + }, + }, + { + "No scheme", + "docker.io", + RegistryConfig{ + Mirrors: map[string]Mirror{ + "docker.io": { + Endpoints: []string{"localhost", "198.158.0.0", "127.0.0.1"}, + }, + }, + }, + []docker.RegistryHost{ + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "localhost", + Scheme: "http", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "198.158.0.0", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "127.0.0.1", + Scheme: "http", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "registry-1.docker.io", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + }, + }, + { + "* endpoints", + "weird.io", + RegistryConfig{ + Mirrors: map[string]Mirror{ + "docker.io": { + Endpoints: []string{"notme", "certainly-not-me"}, + }, + "*": { + Endpoints: []string{"198.158.0.0", "example.com"}, + }, + }, + }, + []docker.RegistryHost{ + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "198.158.0.0", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "example.com", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "weird.io", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + }, + }, + { + "No mirrors", + "docker.io", + RegistryConfig{ + Mirrors: map[string]Mirror{}, + }, + []docker.RegistryHost{ + { + Authorizer: docker.NewDockerAuthorizer(), + Host: "registry-1.docker.io", + Scheme: "https", + Path: "/v2", + Capabilities: docker.HostCapabilityResolve | docker.HostCapabilityPull, + }, + }, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + result, err := _registryHosts(tc.host, &tc.config, docker.NewDockerAuthorizer()) + assert.NoError(t, err) + assert.Equal(t, tc.expected, result) + }) + } +} + +// Test RegistryHosts with invalid endpoints URLs +func TestBadRegistryHosts(t *testing.T) { + t.Run("Messed up mirror endpoint", func(t *testing.T) { + _, err := _registryHosts("docker.io", &RegistryConfig{ + Mirrors: map[string]Mirror{ + "docker.io": { + Endpoints: []string{"$#%#$$#%#$"}, + }, + }, + }, docker.NewDockerAuthorizer()) + assert.Error(t, err) + }) +} diff --git a/sources/host-ctr/cmd/host-ctr/registry.go b/sources/host-ctr/cmd/host-ctr/registry.go new file mode 100644 index 00000000000..722a7158f9d --- /dev/null +++ b/sources/host-ctr/cmd/host-ctr/registry.go @@ -0,0 +1,27 @@ +package main + +import ( + "github.com/pelletier/go-toml" + "io/ioutil" +) + +// Mirror contains the config related to the registry mirror +type Mirror struct { + Endpoints []string +} + +// RegistryConfig contains the config related to a image registry +type RegistryConfig struct { + Mirrors map[string]Mirror +} + +// NewRegistryConfig unmarshalls a registry configuration file and sets up a RegistryConfig +func NewRegistryConfig(registryConfigFile string) (*RegistryConfig, error) { + raw, err := ioutil.ReadFile(registryConfigFile) + if err != nil { + return nil, err + } + + config := RegistryConfig{} + return &config, toml.Unmarshal(raw, &config) +} diff --git a/sources/host-ctr/go.mod b/sources/host-ctr/go.mod index 5134265bd97..3dcc10ea6b9 100644 --- a/sources/host-ctr/go.mod +++ b/sources/host-ctr/go.mod @@ -9,8 +9,10 @@ require ( github.com/google/uuid v1.3.0 // indirect github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d github.com/opencontainers/selinux v1.8.2 // indirect + github.com/pelletier/go-toml v1.9.3 github.com/pkg/errors v0.9.1 github.com/sirupsen/logrus v1.8.1 + github.com/stretchr/testify v1.5.1 github.com/urfave/cli/v2 v2.3.0 ) diff --git a/sources/host-ctr/go.sum b/sources/host-ctr/go.sum index 38eccdb335a..5e7d879e671 100644 --- a/sources/host-ctr/go.sum +++ b/sources/host-ctr/go.sum @@ -6,12 +6,8 @@ github.com/Microsoft/go-winio v0.4.15-0.20190919025122-fc70bd9a86b5/go.mod h1:tT github.com/Microsoft/hcsshim v0.8.9 h1:VrfodqvztU8YSOvygU+DN1BGaSGxmrNfqOv5oOuX2Bk= github.com/Microsoft/hcsshim v0.8.9/go.mod h1:5692vkUqntj1idxauYlpoINNKeqCiG6Sg38RRsjT5y8= github.com/aws/aws-sdk-go v1.32.13/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.37.0 h1:GzFnhOIsrGyQ69s7VgqtrG2BG8v7X7vwB3Xpbd/DBBk= -github.com/aws/aws-sdk-go v1.37.0/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro= github.com/aws/aws-sdk-go v1.40.8 h1:LBeBOKdgxaR1tknlENTBhcN8CjutpofbMJPtl/6Yug4= github.com/aws/aws-sdk-go v1.40.8/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/awslabs/amazon-ecr-containerd-resolver v0.0.0-20200922205237-bbd7175f7bd0 h1:mxzIxXHpy2nmQH1FG/5y0Mr1LRk7RqzwBB+cKe0YwmQ= -github.com/awslabs/amazon-ecr-containerd-resolver v0.0.0-20200922205237-bbd7175f7bd0/go.mod h1:KuTNnZvgS7awNYUpeTkWpvz3GZoj6GNkwr/Mn2TCF8Y= github.com/awslabs/amazon-ecr-containerd-resolver v0.0.0-20201205004003-ec50b15a323d h1:isLKuiATyjdIspi1SVn0v+jBvvrNafrHDovbFqmjjJw= github.com/awslabs/amazon-ecr-containerd-resolver v0.0.0-20201205004003-ec50b15a323d/go.mod h1:KuTNnZvgS7awNYUpeTkWpvz3GZoj6GNkwr/Mn2TCF8Y= github.com/bits-and-blooms/bitset v1.2.0 h1:Kn4yilvwNtMACtf1eYDlG8H77R07mZSPbMjLyS07ChA= @@ -27,8 +23,6 @@ github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.3.4/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= -github.com/containerd/containerd v1.4.3 h1:ijQT13JedHSHrQGWFcGEwzcNKrAGIiZ+jSD5QQG07SY= -github.com/containerd/containerd v1.4.3/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/containerd v1.4.8 h1:H0wkS4AbVKTg9vyvBdCBrxoax8AMObKbNz9Fl2N0i4Y= github.com/containerd/containerd v1.4.8/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= github.com/containerd/continuity v0.0.0-20190426062206-aaeac12a7ffc/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= @@ -50,6 +44,7 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma github.com/cpuguy83/go-md2man/v2 v2.0.0 h1:EoUDS0afbrsXAZ9YQ9jdu/mZ2sXgT1/2yyNng4PGlyM= github.com/cpuguy83/go-md2man/v2 v2.0.0/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/docker/distribution v0.0.0-20190205005809-0d3efadf0154/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c h1:+pKlWGMw7gf6bQ+oDZB4KHQFypsfjYlq/C4rfL7D3g8= @@ -90,8 +85,6 @@ github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5a github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs= -github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -129,14 +122,15 @@ github.com/opencontainers/runtime-spec v0.1.2-0.20190507144316-5b71a03e2700/go.m github.com/opencontainers/runtime-spec v1.0.2/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d h1:pNa8metDkwZjb9g4T8s+krQ+HRgZAkqnXml+wNir/+s= github.com/opencontainers/runtime-spec v1.0.3-0.20200929063507-e6143ca7d51d/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/opencontainers/selinux v1.8.0 h1:+77ba4ar4jsCbL1GLbFL8fFM57w6suPfSS9PDLDY7KM= -github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2 h1:c4ca10UMgRcvZ6h0K4HtS15UaVSBEaE+iln2LVpAuGc= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= +github.com/pelletier/go-toml v1.9.3 h1:zeC5b1GviRUyKYd6OJPvBU/mcVDVoL1OhT17FCt5dSQ= +github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= github.com/pkg/errors v0.8.1-0.20171018195549-f15c970de5b7/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/procfs v0.0.0-20180125133057-cb4147076ac7/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -149,8 +143,6 @@ github.com/sirupsen/logrus v1.0.4-0.20170822132746-89742aefa4b2/go.mod h1:pMByvH github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= -github.com/sirupsen/logrus v1.7.0 h1:ShrD1U9pZB12TX0cVy0DtePoCH97K8EtX+mg7ZARUtM= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE= github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/spf13/cobra v0.0.2-0.20171109065643-2da4a54c5cee/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= @@ -159,6 +151,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2 h1:b6uOv7YOFK0TYG7HtkIgExQo+2RdLuwRft63jn2HWj8= github.com/syndtr/gocapability v0.0.0-20180916011248-d98352740cb2/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -167,15 +160,12 @@ github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo= github.com/urfave/cli v1.22.2/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M= github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI= -github.com/willf/bitset v1.1.11 h1:N7Z7E9UvjW+sGsEl7k/SJrvY2reP1A07MrGuCjIOjRE= -github.com/willf/bitset v1.1.11/go.mod h1:83CECat5yLh5zVOf4P1ErAgKA5UDvKtgyUABdr3+MjI= go.etcd.io/bbolt v1.3.4/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= golang.org/x/crypto v0.0.0-20171113213409-9f005a07e0d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -185,14 +175,11 @@ golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b h1:uwuIcX0g4Yl1NC5XAz37xsr2lTtcqevgzYNVt49waME= -golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210614182718-04defd469f4e h1:XpT3nA5TvE525Ne3hInMh6+GETgn27Zfm9dxsThnX2Q= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -207,7 +194,6 @@ golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190514135907-3a4b5fb9f71f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -220,16 +206,12 @@ golang.org/x/sys v0.0.0-20200120151820-655fe14d7479/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da h1:b3NXsE2LusjYGGjL5bxEVZZORm/YEFFrWFjR8eFrw/c= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -278,6 +260,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/sources/models/shared-defaults/defaults.toml b/sources/models/shared-defaults/defaults.toml index e6130995fc9..80382b8d012 100644 --- a/sources/models/shared-defaults/defaults.toml +++ b/sources/models/shared-defaults/defaults.toml @@ -61,9 +61,13 @@ seed.setting-generator = "bork seed" # HostContainers [services.host-containers] -configuration-files = [] +configuration-files = ["host-ctr-registry-config"] restart-commands = ["/usr/bin/host-containers"] +[configuration-files.host-ctr-registry-config] +path = "/etc/host-containers/host-ctr-registry.config" +template-path = "/usr/share/templates/host-ctr-registry-config" + [metadata.settings.host-containers] affected-services = ["host-containers"] @@ -111,7 +115,7 @@ affected-services = ["lockdown"] # Bootstrap Containers [services.bootstrap-containers] -configuration-files = [] +configuration-files = ["host-ctr-registry-config"] restart-commands = ["/usr/bin/bootstrap-containers create-containers"] [metadata.settings.bootstrap-containers] diff --git a/sources/models/shared-defaults/docker-services.toml b/sources/models/shared-defaults/docker-services.toml index 91d8d9ad7aa..799670ee17d 100644 --- a/sources/models/shared-defaults/docker-services.toml +++ b/sources/models/shared-defaults/docker-services.toml @@ -8,4 +8,4 @@ template-path = "/usr/share/templates/docker-daemon-json" # Image registries [metadata.settings.container-registry] -affected-services = ["docker"] +affected-services = ["docker", "host-containers", "bootstrap-containers"] diff --git a/sources/models/shared-defaults/kubernetes-containerd.toml b/sources/models/shared-defaults/kubernetes-containerd.toml index 3d61d8e039a..77c893f7680 100644 --- a/sources/models/shared-defaults/kubernetes-containerd.toml +++ b/sources/models/shared-defaults/kubernetes-containerd.toml @@ -4,4 +4,4 @@ template-path = "/usr/share/templates/containerd-config-toml_k8s" # Image registries [metadata.settings.container-registry] -affected-services = ["containerd"] +affected-services = ["containerd", "host-containers", "bootstrap-containers"]