From 420a4122345588faf77741419832a998b3aa8bb1 Mon Sep 17 00:00:00 2001
From: Zhong Jianxin <azuwis@users.noreply.github.com>
Date: Mon, 12 Apr 2021 16:02:00 +0800
Subject: [PATCH] Add containerd_extra_args (#7461)

* Add containerd_extra_args

This is useful for custom containerd config, e.g. auth

Signed-off-by: Zhong Jianxin <azuwis@gmail.com>

* Make containerd config.toml mode 0640

It may contain sensitive information such as passwords

Signed-off-by: Zhong Jianxin <azuwis@gmail.com>
---
 roles/container-engine/containerd/defaults/main.yml        | 3 +++
 roles/container-engine/containerd/tasks/main.yml           | 2 +-
 roles/container-engine/containerd/templates/config.toml.j2 | 4 ++++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 908f56b30..82276b9bf 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -64,3 +64,6 @@ containerd_fedora_repo_base_url: "https://download.docker.com/linux/fedora/{{ an
 containerd_fedora_repo_gpgkey: "https://download.docker.com/linux/fedora/gpg"
 containerd_fedora_repo_repokey: "9DC858229FC7DD38854AE2D88D81803C0EBFCD88"
 containerd_fedora_repo_component: "stable"
+
+# Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
+containerd_extra_args: ''
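Review bot: The comment above `containerd_extra_args` does not say that the value may hold registry credentials, although the commit message gives auth as the motivating use case. I would extend it with a line such as `# May contain registry credentials: define it in an Ansible Vault-encrypted vars file, not in plain-text inventory`. The name reads like command-line arguments while the value is a TOML fragment, so the same comment should say that it is raw TOML appended to the end of config.toml.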
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index cd97f88d9..6aacec08d 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -79,7 +79,7 @@
     src: config.toml.j2
     dest: "{{ containerd_cfg_dir }}/config.toml"
     owner: "root"
-    mode: 0644
+    mode: 0640
   notify: restart containerd
 
 # This is required to ensure any apt upgrade will not break kubernetes
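Review bot: Tightening the mode to 0640 protects the file on disk, but a run with `--diff` would still print the rendered changes, including any password carried in `containerd_extra_args`; adding `diff: false` to this template task would close that path. The hunk shows `owner: "root"` but no `group:`, and the task starts above the hunk, so I cannot tell whether one is set. If it is not, `group: "root"` would make the group-read bit deterministic. Writing the mode as the quoted string `"0640"` is the form the Ansible documentation recommends.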
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index ed3896936..c830e7a46 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -39,3 +39,7 @@ version = 2
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
           endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
 {% endfor %}
+
+{% if containerd_extra_args is defined %}
+{{ containerd_extra_args }}
+{% endif %}
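Review bot: The fragment is emitted verbatim after the last `registry.mirrors` table, so bare `key = value` lines at its start would be parsed as members of that table, and a table already declared higher in the template cannot be declared again. A Jinja comment above the block would document this, e.g. `{# containerd_extra_args is appended verbatim: start it with its own [table] header and do not redeclare tables defined above #}`. With the role default of `''` the `is defined` guard is always true. Nothing visible here validates the rendered file before the `restart containerd` handler fires, so a malformed fragment would probably only show up as a failed restart.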
-- 
GitLab