Allow airgapped CRI-O installation (#6927)
parent
97ff67e54a
commit
17fb1ceed8
|
@ -11,6 +11,9 @@ crio_pause_image: "{{ pod_infra_image_repo }}:{{ pod_infra_version }}"
|
|||
# By default unqualified images are not allowed for security reasons
|
||||
crio_registries: []
|
||||
|
||||
# Configure insecure registries.
|
||||
crio_insecure_registries: []
|
||||
|
||||
crio_seccomp_profile: ""
|
||||
crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}"
|
||||
crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}"
|
||||
|
@ -50,3 +53,7 @@ kata_runtimes:
|
|||
path: /opt/kata/bin/kata-qemu
|
||||
type: oci
|
||||
root: /run/kata-containers
|
||||
|
||||
# When this is true, CRI-O package repositories are added. Set this to false when using an
|
||||
# environment with preconfigured CRI-O package repositories.
|
||||
crio_add_repos: true
|
||||
|
|
|
@ -39,7 +39,9 @@
|
|||
- (ansible_distribution_major_version | int) >= 31
|
||||
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
|
||||
|
||||
- import_tasks: "crio_repo.yml"
|
||||
- name: import crio repo
|
||||
import_tasks: "crio_repo.yml"
|
||||
when: crio_add_repos
|
||||
|
||||
- import_tasks: "crictl.yml"
|
||||
|
||||
|
|
|
@ -339,7 +339,11 @@ signature_policy = "{{ crio_signature_policy }}"
|
|||
# List of registries to skip TLS verification for pulling images. Please
|
||||
# consider configuring the registries via /etc/containers/registries.conf before
|
||||
# changing them here.
|
||||
#insecure_registries = "[]"
|
||||
insecure_registries = [
|
||||
{% for insecure_registry in crio_insecure_registries %}
|
||||
"{{ insecure_registry }}",
|
||||
{% endfor %}
|
||||
]
|
||||
|
||||
# Controls how image volumes are handled. The valid values are mkdir, bind and
|
||||
# ignore; the latter will ignore volumes entirely.
|
||||
|
|
Loading…
Reference in New Issue