From a074596c2ced5728c2c5f073b5da9a374f53e983 Mon Sep 17 00:00:00 2001
From: Max Gautier <mg@max.gautier.name>
Date: Thu, 28 Nov 2024 13:38:59 +0100
Subject: [PATCH] containerd: always use config_path (#11755)

config_path was introduced in containerd 1.5.0, and registry.mirrors is
deprecated.

There is no reason to keep the old alternative, so just always use
config_path, and consequently remove the option.
---
 roles/container-engine/containerd/defaults/main.yml  |  3 ---
 roles/container-engine/containerd/tasks/main.yml     |  1 -
 .../containerd/templates/config.toml.j2              | 12 ------------
 3 files changed, 16 deletions(-)

diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index b6c7fdccd..2ee81f4a8 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -93,9 +93,6 @@ containerd_limit_core: "infinity"
 containerd_limit_open_file_num: "infinity"
 containerd_limit_mem_lock: "infinity"
 
-# If enabled it will use config_path and config to be put in {{ containerd_cfg_dir }}/certs.d/
-containerd_use_config_path: false
-
 # OS distributions that already support containerd
 containerd_supported_distributions:
   - "CentOS"
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index 8b8c12cbb..51a95d06c 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -115,7 +115,6 @@
   notify: Restart containerd
 
 - name: Containerd | Configure containerd registries
-  when: containerd_registries_mirrors is defined
   block:
     - name: Containerd | Create registry directories
       file:
diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 6bffae254..72f0a00b0 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -69,19 +69,7 @@ oom_score = {{ containerd_oom_score }}
           runtime_type = "io.containerd.runsc.v1"
 {% endif %}
     [plugins."io.containerd.grpc.v1.cri".registry]
-{% if containerd_use_config_path is defined and containerd_use_config_path|bool %}
       config_path = "{{ containerd_cfg_dir }}/certs.d"
-{% else %}
-      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-{% for registry in containerd_registries_mirrors %}
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry.prefix }}"]
-          endpoint = {{ registry.mirrors | map(attribute='host') | unique | to_json }}
-{% endfor %}
-{% for mirror in containerd_registries_mirrors | map(attribute='mirrors') | flatten | selectattr('skip_verify', 'defined') | selectattr('skip_verify') | unique %}
-        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ mirror.host | urlsplit('netloc') }}".tls]
-          insecure_skip_verify = true
-{% endfor %}
-{% endif %}
 {% for registry in containerd_registry_auth if registry['registry'] is defined %}
 {% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
       [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]
-- 
GitLab