cri-o registry auth support (#7837)

* cri-o registry auth support

* yaml lint for comments

* crio_registry_auth from registry_auth

* crio_registry_auth as defaults
pull/7933/head
kranthi guttikonda 2021-09-01 13:20:59 -04:00 committed by GitHub
parent e1967b0700
commit 81bf4f9304
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 1 deletions

View File

@ -0,0 +1,6 @@
# crio_insecure_registries:
# - 10.0.0.2:5000
# crio_registry_auth:
# - registry: 10.0.0.2:5000
# username: user
# password: pass

View File

@ -14,6 +14,12 @@ crio_registries: []
# Configure insecure registries.
crio_insecure_registries: []
# Configure registry auth (if applicable to secure/insecure registries)
crio_registry_auth: []
# - registry: 10.0.0.2:5000
# username: user
# password: pass
# Define registiries mirror
crio_registries_mirrors: []

View File

@ -80,6 +80,12 @@
mode: 0644
register: config_install
- name: Install config.json
template:
src: config.json.j2
dest: /etc/crio/config.json
register: reg_auth_install
- name: Add skopeo pkg to install
set_fact:
crio_packages: "{{ crio_packages + skopeo_packages }}"
@ -198,6 +204,7 @@
state: restarted
when:
- config_install.changed
- reg_auth_install.changed
- not package_install.changed
- not service_start.changed

View File

@ -0,0 +1,17 @@
{% if crio_registry_auth is defined and crio_registry_auth|length %}
{
{% for reg in crio_registry_auth %}
"auths": {
"{{ reg.registry }}": {
"auth": "{{ (reg.username + ':' + reg.password) | string | b64encode }}"
}
{% if not loop.last %}
},
{% else %}
}
{% endif %}
{% endfor %}
}
{% else %}
{}
{% endif %}

View File

@ -313,7 +313,7 @@ default_transport = "docker://"
# The path to a file containing credentials necessary for pulling images from
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
global_auth_file = ""
global_auth_file = "/etc/crio/config.json"
# The image used to instantiate infra containers.
# This option supports live configuration reload.