Skip to content
Snippets Groups Projects
Unverified Commit 4f27c763 authored by Marat Talipov's avatar Marat Talipov Committed by GitHub
Browse files

containerd insecure registry support (#8298)

parent 0e969c0b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
inventory/sample/group_vars/all/containerd.yml
+ 8
0
View file @ 4f27c763
...@@ -28,6 +28,14 @@ ...@@ -28,6 +28,14 @@
# containerd_metrics_grpc_histogram: false # containerd_metrics_grpc_histogram: false
## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## Port number is also needed if the default HTTPS port is not used.
# containerd_insecure_registries:
# - mirror.registry.io
# - 172.19.16.11:5000
# containerd_registries: # containerd_registries:
# "docker.io": "https://registry-1.docker.io" # "docker.io": "https://registry-1.docker.io"
......
roles/container-engine/containerd/templates/config.toml.j2
+ 6
0
View file @ 4f27c763
...@@ -54,6 +54,12 @@ oom_score = {{ containerd_oom_score }} ...@@ -54,6 +54,12 @@ oom_score = {{ containerd_oom_score }}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"] endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
{% endfor %} {% endfor %}
{% for addr in containerd_insecure_registries %}
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ addr }}"]
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
insecure_skip_verify = true
{% endfor %}
{% for registry in containerd_registry_auth if registry['registry'] is defined %} {% for registry in containerd_registry_auth if registry['registry'] is defined %}
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %} {% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth] [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
......
roles/kubespray-defaults/defaults/main.yaml
+ 9
0
View file @ 4f27c763
...@@ -346,6 +346,15 @@ containerd_use_systemd_cgroup: true ...@@ -346,6 +346,15 @@ containerd_use_systemd_cgroup: true
# Docker options - this is relevant when container_manager == 'docker' # Docker options - this is relevant when container_manager == 'docker'
docker_containerd_version: 1.4.12 docker_containerd_version: 1.4.12
## An obvious use case is allowing insecure-registry access to self hosted registries.
## Can be ipaddress and domain_name.
## example define mirror.registry.io or 172.19.16.11:5000
## Port number is also needed if the default HTTPS port is not used.
# containerd_insecure_registries:
# - mirror.registry.io
# - 172.19.16.11:5000
containerd_insecure_registries: []
# Settings for containerized control plane (etcd/kubelet/secrets) # Settings for containerized control plane (etcd/kubelet/secrets)
# deployment type for legacy etcd mode # deployment type for legacy etcd mode
etcd_deployment_type: host etcd_deployment_type: host
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment