Skip to content

Commit

Permalink
containerd insecure registry support (#8298)
Browse files Browse the repository at this point in the history
  • Loading branch information
Marat Talipov authored Dec 13, 2021
1 parent 0e969c0 commit 4f27c76
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 0 deletions.
8 changes: 8 additions & 0 deletions inventory/sample/group_vars/all/containerd.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,14 @@

# containerd_metrics_grpc_histogram: false

## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## Port number is also needed if the default HTTPS port is not used.
# containerd_insecure_registries:
# - mirror.registry.io
# - 172.19.16.11:5000

# containerd_registries:
# "docker.io": "https://registry-1.docker.io"

Expand Down
6 changes: 6 additions & 0 deletions roles/container-engine/containerd/templates/config.toml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,12 @@ oom_score = {{ containerd_oom_score }}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
{% endfor %}
{% for addr in containerd_insecure_registries %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ addr }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
insecure_skip_verify = true
{% endfor %}
{% for registry in containerd_registry_auth if registry['registry'] is defined %}
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
Expand Down
9 changes: 9 additions & 0 deletions roles/kubespray-defaults/defaults/main.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,15 @@ containerd_use_systemd_cgroup: true
# Docker options - this is relevant when container_manager == 'docker'
docker_containerd_version: 1.4.12

## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## Port number is also needed if the default HTTPS port is not used.
# containerd_insecure_registries:
# - mirror.registry.io
# - 172.19.16.11:5000
containerd_insecure_registries: []

# Settings for containerized control plane (etcd/kubelet/secrets)
# deployment type for legacy etcd mode
etcd_deployment_type: host
Expand Down

0 comments on commit 4f27c76

Please sign in to comment.