add containerd registry mirror certificate configuration

Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
kubernetes-sigs · Jan 6, 2025 · ed099fd · ed099fd
1 parent 57490d5
commit ed099fd
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
@@ -56,12 +56,16 @@ containerd_metrics_address: ""
 
 containerd_metrics_grpc_histogram: false
 
+# ca can be set to a path or an array of paths each pointing to a ca file for use in authenticating with the registry namespace
+# client can be set to a path or an array of paths or an array of pairs of paths
 containerd_registries_mirrors:
   - prefix: docker.io
     mirrors:
       - host: https://registry-1.docker.io
         capabilities: ["pull", "resolve"]
         skip_verify: false
+#        ca: "/etc/certs/mirror.pem"
+#        client: "/etc/certs/client.pem"
 
 containerd_max_container_log_line_size: 16384
 

diff --git a/roles/container-engine/containerd/templates/hosts.toml.j2 b/roles/container-engine/containerd/templates/hosts.toml.j2
@@ -4,4 +4,22 @@ server = "{{ item.server | default("https://" + item.prefix) }}"
   capabilities = ["{{ ([ mirror.capabilities ] | flatten ) | join('","') }}"]
   skip_verify = {{ mirror.skip_verify | default('false') | string | lower }}
   override_path = {{ mirror.override_path | default('false') | string | lower }}
+{% if mirror.ca is defined %}
+{% if mirror.ca is string %}
+  ca = "{{ mirror.ca }}"
+{% elif mirror.ca is sequence %}
+  ca = ["{{ ([ mirror.ca ] | flatten ) | join('","') }}"]
+{% endif %}
+{% endif %}
+{% if mirror.client is defined %}
+{% if mirror.client is string %}
+  client = "{{ mirror.client }}"
+{% elif mirror.client is sequence %}
+{% if mirror.client[0] is string %}
+  client = ["{{ ([ mirror.client ] | flatten ) | join('","') }}"]
+{% else %}
+  client = [{% for pair in mirror.client %}["{{ pair[0] }}", "{{ pair[1] }}"]{% if not loop.last %},{% endif %}{% endfor %}]
+{% endif %}
+{% endif %}
+{% endif %}
 {% endfor %}