Add insecure_registry config to crio.conf (#10142)

roles/container-engine/cri-o/templates/crio.conf.j2

@@ -313,6 +313,9 @@ allowed_annotations = {{ runtime.allowed_annotations|default([])|to_json }}
 # this file. Otherwise, leave insecure_registries and registries commented out to
 # use the system's defaults from /etc/containers/registries.conf.
 [crio.image]
+{% if crio_insecure_registries is defined and crio_insecure_registries|length>0 %}
+insecure_registries = {{ crio_insecure_registries }}
+{% endif %}
 
 # Default transport for pulling images from a remote container storage.
 default_transport = "docker://"

roles/kubespray-defaults/defaults/main.yaml

@@ -299,6 +299,8 @@ cri_socket: >-
   unix:///var/run/cri-dockerd.sock
   {%- endif -%}
 
+crio_insecure_registries: []
+
 ## Uncomment this if you want to force overlay/overlay2 as docker storage driver
 ## Please note that overlay2 is only supported on newer kernels
 # docker_storage_options: -s overlay2