Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

containerd insecure registry support #8298

Merged
merged 1 commit into from Dec 13, 2021
Merged

containerd insecure registry support #8298

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions inventory/sample/group_vars/all/containerd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,14 @@

# containerd_metrics_grpc_histogram: false

## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## Port number is also needed if the default HTTPS port is not used.
# containerd_insecure_registries:
# - mirror.registry.io
# - 172.19.16.11:5000

# containerd_registries:
# "docker.io": "https://registry-1.docker.io"

Expand Down
6 changes: 6 additions & 0 deletions roles/container-engine/containerd/templates/config.toml.j2
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,6 +54,12 @@ oom_score = {{ containerd_oom_score }}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
{% endfor %}
{% for addr in containerd_insecure_registries %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ addr }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
insecure_skip_verify = true
{% endfor %}
{% for registry in containerd_registry_auth if registry['registry'] is defined %}
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
Expand Down
9 changes: 9 additions & 0 deletions roles/kubespray-defaults/defaults/main.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -346,6 +346,15 @@ containerd_use_systemd_cgroup: true
# Docker options - this is relevant when container_manager == 'docker'
docker_containerd_version: 1.4.12

## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## Port number is also needed if the default HTTPS port is not used.
# containerd_insecure_registries:
# - mirror.registry.io
# - 172.19.16.11:5000
containerd_insecure_registries: []

# Settings for containerized control plane (etcd/kubelet/secrets)
# deployment type for legacy etcd mode
etcd_deployment_type: host
Expand Down