enable setting trusted insecure registries for containerd

2023-09-02 11:19:40 +08:00 · 2023-09-02 11:19:40 +08:00 · e4e8f1835b
parent 56f0939974
commit e4e8f1835b
3 changed files with 16 additions and 21 deletions
--- a/example/config.yml
+++ b/example/config.yml
@ -47,27 +47,26 @@ ETCD_WAL_DIR: ""
 ############################
 # role:runtime [containerd,docker]
 ############################
-# ------------------------------------------- containerd
+# [.]启用拉取加速镜像仓库
 # [.]启用容器仓库镜像
 ENABLE_MIRROR_REGISTRY: true
-# [containerd]基础容器镜像
+# [.]添加信任的私有仓库
 INSECURE_REG:
  - "http://easzlab.io.local:5000"
  - "https://{{ HARBOR_REGISTRY }}"
 # [.]基础容器镜像
 SANDBOX_IMAGE: "easzlab.io.local:5000/easzlab/pause:__pause__"
 # [containerd]容器持久化存储目录
 CONTAINERD_STORAGE_DIR: "/var/lib/containerd"
 # ------------------------------------------- docker
 # [docker]容器存储目录
 DOCKER_STORAGE_DIR: "/var/lib/docker"
 # [docker]开启Restful API
-ENABLE_REMOTE_API: false
+DOCKER_ENABLE_REMOTE_API: false
 # [docker]信任的HTTP仓库
 INSECURE_REG:
  - "http://easzlab.io.local:5000"
  - "https://{{ HARBOR_REGISTRY }}"
 ############################
 # role:kube-master
--- a/roles/containerd/templates/config.toml.j2
+++ b/roles/containerd/templates/config.toml.j2
@ -136,19 +136,18 @@ version = 2
      [plugins."io.containerd.grpc.v1.cri".registry.auths]
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
-        [plugins."io.containerd.grpc.v1.cri".registry.configs."easzlab.io.local:5000".tls]
+{% for reg in INSECURE_REG %}
-          insecure_skip_verify = true
+        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ reg.split('/')[2] }}".tls]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ HARBOR_REGISTRY }}".tls]
          insecure_skip_verify = true
 {% endfor %}
      [plugins."io.containerd.grpc.v1.cri".registry.headers]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."easzlab.io.local:5000"]
+{% for reg in INSECURE_REG %}
-          endpoint = ["http://easzlab.io.local:5000"]
+        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ reg.split('/')[2] }}"]
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ HARBOR_REGISTRY }}"]
+          endpoint = ["{{ reg }}"]
-          endpoint = ["https://{{ HARBOR_REGISTRY }}"]
+{% endfor %}
 {% if ENABLE_MIRROR_REGISTRY %}
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.nju.edu.cn/", "https://kuamavit.mirror.aliyuncs.com"]
@ -187,9 +186,6 @@ version = 2
    shim = "containerd-shim"
    shim_debug = false
  [plugins."io.containerd.runtime.v2.task"]
    platforms = ["linux/amd64"]
  [plugins."io.containerd.service.v1.diff-service"]
    default = ["walking"]
--- a/roles/docker/templates/daemon.json.j2
+++ b/roles/docker/templates/daemon.json.j2
@ -7,7 +7,7 @@
    "https://kuamavit.mirror.aliyuncs.com"
  ], 
 {% endif %}
-{% if ENABLE_REMOTE_API %}
+{% if DOCKER_ENABLE_REMOTE_API %}
  "hosts": ["tcp://0.0.0.0:2376", "unix:///var/run/docker.sock"],
 {% endif %}
  "insecure-registries": {{ INSECURE_REG }},