From 7f90fc7b12b46434c9307cb90a7fbc9de2501544 Mon Sep 17 00:00:00 2001
From: Seena Fallah <seenafallah@gmail.com>
Date: Tue, 8 Oct 2024 09:46:22 +0200
Subject: [PATCH] containerd: simplify registry mirror template (#11326)

Simplify registry mirror rendering in config.toml.
The map filter can extract the host list from mirrors so we can
just unique them and render them without needing to construct vars
for it.
For the registry mirror tls section, we can first extract mirrors
from the dict then filter on only the ones having skip_veridy defined
first and then filter on the ones having true (as the dict might not
have skip_verify defined and that would cause errors of undefined var).

This will speed up and simply the templating.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---
 .../containerd/templates/config.toml.j2              | 12 +++---------
 1 file changed, 3 insertions(+), 9 deletions(-)

diff --git a/roles/container-engine/containerd/templates/config.toml.j2 b/roles/container-engine/containerd/templates/config.toml.j2
index 3f65ef5d7..6bffae254 100644
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@@ -73,18 +73,12 @@ oom_score = {{ containerd_oom_score }}
       config_path = "{{ containerd_cfg_dir }}/certs.d"
 {% else %}
       [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
-{% set insecure_registries_addr = [] %}
 {% for registry in containerd_registries_mirrors %}
         [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry.prefix }}"]
-{% set endpoint = [] %}
-{% for mirror in registry.mirrors %}
-{% if endpoint.append(mirror.host) %}{% endif %}
-{% if mirror.skip_verify is defined and mirror.skip_verify|bool %}{% if insecure_registries_addr.append(mirror.host | urlsplit('netloc')) %}{% endif %}{% endif %}
+          endpoint = {{ registry.mirrors | map(attribute='host') | unique | to_json }}
 {% endfor %}
-          endpoint = ["{{ ( endpoint | unique ) | join('","') }}"]
-{% endfor %}
-{% for addr in insecure_registries_addr | unique %}
-        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
+{% for mirror in containerd_registries_mirrors | map(attribute='mirrors') | flatten | selectattr('skip_verify', 'defined') | selectattr('skip_verify') | unique %}
+        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ mirror.host | urlsplit('netloc') }}".tls]
           insecure_skip_verify = true
 {% endfor %}
 {% endif %}