From a040e521b416ed06f8298dfaedf5f7c8209bfd63 Mon Sep 17 00:00:00 2001
From: Samuel <faust64@gmail.com>
Date: Mon, 23 Aug 2021 15:40:00 +0200
Subject: [PATCH] feat(containerd): auth support (#7868)

* feat(containerd): auth support

* fix(registry-auth): rename variable
---
 inventory/sample/group_vars/all/containerd.yml        |  5 +++++
 roles/container-engine/containerd/defaults/main.yml   |  6 ++++++
 .../containerd/templates/config.toml.j2               | 11 +++++++++++
 3 files changed, 22 insertions(+)

diff --git a/inventory/sample/group_vars/all/containerd.yml b/inventory/sample/group_vars/all/containerd.yml
index 82c4953db..3f617f206 100644
--- a/inventory/sample/group_vars/all/containerd.yml
+++ b/inventory/sample/group_vars/all/containerd.yml
@@ -32,3 +32,8 @@
 #   "docker.io": "https://registry-1.docker.io"
 
 # containerd_max_container_log_line_size: -1
+
+# containerd_registry_auth:
+#   - registry: 10.0.0.2:5000
+#     username: user
+#     password: pass
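Review bot: The sample puts `password: pass` inline in group_vars, which encourages committing registry credentials in cleartext to the inventory repository. A comment above the example should point users at an encrypted source, e.g. `# Do not store real credentials here in cleartext; reference an Ansible Vault variable instead`, with the value shown as `password: "{{ vault_containerd_registry_password }}"` (variable name constructed for illustration). Anyone with read access to the inventory, or to its VCS history, would otherwise get the registry credentials.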
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index dc9777fc0..0e0bb0d50 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -70,3 +70,9 @@ containerd_fedora_repo_component: "stable"
 
 # Extra config to be put in {{ containerd_cfg_dir }}/config.toml literally
 containerd_extra_args: ''
+
+# Configure registry auth (if applicable to secure/insecure registries)
+containerd_registry_auth: []
+#  - registry: 10.0.0.2:5000
+#    username: user
+#    password: pass
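Review bot: The comment on `containerd_registry_auth` does not document the entry schema that the template in this patch accepts. It should say that `registry` is required, and that each entry needs either `username` plus `password` or a single `auth` value. It should also say that entries missing these keys are skipped silently rather than failing the play. A suggested wording is `# Each entry needs 'registry' and either 'username' + 'password' or 'auth'; incomplete entries are ignored`. If `auth` is the usual base64 `user:password` form, it is worth adding that it is encoded, not encrypted, and must be protected like the password.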
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index a344e4b96..35c4f933a 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -46,6 +46,17 @@ oom_score = {{ containerd_oom_score }}
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
           endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
 {% endfor %}
+{% for registry in containerd_registry_auth if registry['registry'] is defined %}
+{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
+      [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
+{% if registry['username'] is defined and registry['password'] is defined %}
+        password = "{{ registry['password'] }}"
+        username = "{{ registry['username'] }}"
+{% else %}
+        auth = "{{ registry['auth'] }}"
+{% endif %}
+{% endif %}
+{% endfor %}
 
 {% if containerd_extra_args is defined %}
 {{ containerd_extra_args }}
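Review bot: The `username`, `password` and `auth` values, and the registry name in the table key, are interpolated raw between double quotes. A credential containing `"` or `\` therefore produces invalid TOML, or lets the value spill into neighbouring keys. Emitting the values through an escaping filter avoids this, for example `password = {{ registry['password'] | to_json }}`, and the same for `username` and `auth`. Because config.toml now carries secrets, the task that renders it (outside this patch) should be checked for a restrictive file mode, and for `no_log` or diff suppression so that credentials do not appear in Ansible output. An entry that defines `registry` but no usable credentials is dropped silently by the inner `if`; an explicit `assert` in the role would make that misconfiguration visible.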
-- 
GitLab