From e4e8f1835b860d8a06558d7ed6d9a15dc0655a48 Mon Sep 17 00:00:00 2001 From: gjmzj Date: Sat, 2 Sep 2023 11:19:40 +0800 Subject: [PATCH] enable setting trusted insecure registries for containerd --- example/config.yml | 17 ++++++++--------- roles/containerd/templates/config.toml.j2 | 18 +++++++----------- roles/docker/templates/daemon.json.j2 | 2 +- 3 files changed, 16 insertions(+), 21 deletions(-) diff --git a/example/config.yml b/example/config.yml index fac2c2f..378f9b9 100644 --- a/example/config.yml +++ b/example/config.yml @@ -47,27 +47,26 @@ ETCD_WAL_DIR: "" ############################ # role:runtime [containerd,docker] ############################ -# ------------------------------------------- containerd -# [.]启用容器仓库镜像 +# [.]启用拉取加速镜像仓库 ENABLE_MIRROR_REGISTRY: true -# [containerd]基础容器镜像 +# [.]添加信任的私有仓库 +INSECURE_REG: + - "http://easzlab.io.local:5000" + - "https://{{ HARBOR_REGISTRY }}" + +# [.]基础容器镜像 SANDBOX_IMAGE: "easzlab.io.local:5000/easzlab/pause:__pause__" # [containerd]容器持久化存储目录 CONTAINERD_STORAGE_DIR: "/var/lib/containerd" -# ------------------------------------------- docker # [docker]容器存储目录 DOCKER_STORAGE_DIR: "/var/lib/docker" # [docker]开启Restful API -ENABLE_REMOTE_API: false +DOCKER_ENABLE_REMOTE_API: false -# [docker]信任的HTTP仓库 -INSECURE_REG: - - "http://easzlab.io.local:5000" - - "https://{{ HARBOR_REGISTRY }}" ############################ # role:kube-master diff --git a/roles/containerd/templates/config.toml.j2 b/roles/containerd/templates/config.toml.j2 index 9ad8a4f..a680f65 100644 --- a/roles/containerd/templates/config.toml.j2 +++ b/roles/containerd/templates/config.toml.j2 
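Review bot: In the `example/config.yml` hunk, the new comment above `INSECURE_REG` describes the entries as trusted private registries but does not say what listing one does. The containerd template in this commit renders `insecure_skip_verify = true` for every entry, so certificate verification is off even for the `https://` ones, and the docker template passes the same list to `insecure-registries`. A comment along the lines of `# Registries listed here are pulled over plain HTTP or without TLS certificate verification; list only registries on a network you control` would make that visible to whoever edits the list. It should also say that each entry must be a full URL including the scheme, because the containerd template takes the host from `reg.split('/')[2]`.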
@@ -136,19 +136,18 @@ version = 2 [plugins."io.containerd.grpc.v1.cri".registry.auths] [plugins."io.containerd.grpc.v1.cri".registry.configs] - [plugins."io.containerd.grpc.v1.cri".registry.configs."easzlab.io.local:5000".tls] - insecure_skip_verify = true - - [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ HARBOR_REGISTRY }}".tls] +{% for reg in INSECURE_REG %} + [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ reg.split('/')[2] }}".tls] insecure_skip_verify = true +{% endfor %} [plugins."io.containerd.grpc.v1.cri".registry.headers] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."easzlab.io.local:5000"] - endpoint = ["http://easzlab.io.local:5000"] - [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ HARBOR_REGISTRY }}"] - endpoint = ["https://{{ HARBOR_REGISTRY }}"] +{% for reg in INSECURE_REG %} + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ reg.split('/')[2] }}"] + endpoint = ["{{ reg }}"] +{% endfor %} {% if ENABLE_MIRROR_REGISTRY %} [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://docker.nju.edu.cn/", "https://kuamavit.mirror.aliyuncs.com"] @@ -187,9 +186,6 @@ version = 2 shim = "containerd-shim" shim_debug = false - [plugins."io.containerd.runtime.v2.task"] - platforms = ["linux/amd64"] - [plugins."io.containerd.service.v1.diff-service"] default = ["walking"] diff --git a/roles/docker/templates/daemon.json.j2 b/roles/docker/templates/daemon.json.j2 index ea8c1d9..582ac15 100644 --- a/roles/docker/templates/daemon.json.j2 +++ b/roles/docker/templates/daemon.json.j2 @@ -7,7 +7,7 @@ "https://kuamavit.mirror.aliyuncs.com" ], {% endif %} -{% if ENABLE_REMOTE_API %} +{% if DOCKER_ENABLE_REMOTE_API %} "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"], {% endif %} "insecure-registries": {{ INSECURE_REG }},
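Review bot: In the first `config.toml.j2` hunk, both loops derive the registry host with `reg.split('/')[2]`, which only works when an entry has the form `scheme://host[:port]`. An entry written as a bare `host:port` has no third element, so the render will likely fail or produce an empty table key. Taking the host as `reg.split('://')[-1].split('/')[0]` accepts both spellings. The `tls` table is also emitted with `insecure_skip_verify = true` for every entry regardless of scheme, so an `https://` registry such as the Harbor one never has its certificate checked. Consider rendering that table only for entries that need it, or setting `ca_file` to the registry's CA for private HTTPS registries. The enclosing `registry` section continues outside the hunk.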