From 8c32be5feb590ba461c541ee714db50c613f4f08 Mon Sep 17 00:00:00 2001
From: qlijin <qlijin@gmail.com>
Date: Mon, 29 May 2023 10:03:41 +0800
Subject: [PATCH] Add insecure_registry config to crio.conf (#10142)

---
 roles/container-engine/cri-o/templates/crio.conf.j2 | 3 +++
 roles/kubespray-defaults/defaults/main.yaml         | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/roles/container-engine/cri-o/templates/crio.conf.j2 b/roles/container-engine/cri-o/templates/crio.conf.j2
index c8a3741bf..f882ed620 100644
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -313,6 +313,9 @@ allowed_annotations = {{ runtime.allowed_annotations|default([])|to_json }}
 # this file. Otherwise, leave insecure_registries and registries commented out to
 # use the system's defaults from /etc/containers/registries.conf.
 [crio.image]
+{% if crio_insecure_registries is defined and crio_insecure_registries|length>0 %}
+insecure_registries = {{ crio_insecure_registries }}
+{% endif %}
 
 # Default transport for pulling images from a remote container storage.
 default_transport = "docker://"
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 029c808ec..be0dff35b 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -299,6 +299,8 @@ cri_socket: >-
   unix:///var/run/cri-dockerd.sock
   {%- endif -%}
 
+crio_insecure_registries: []
+
 ## Uncomment this if you want to force overlay/overlay2 as docker storage driver
 ## Please note that overlay2 is only supported on newer kernels
 # docker_storage_options: -s overlay2