diff --git a/docs/containerd.md b/docs/containerd.md index c9d18051a6e..9fd03bf2558 100644 --- a/docs/containerd.md +++ b/docs/containerd.md @@ -35,13 +35,20 @@ containerd_registries_mirrors: skip_verify: false ``` -`containerd_registries_mirrors` is ignored for pulling images when `image_command_tool=nerdctl` -(the default for `container_manager=containerd`). Use `crictl` instead, it supports -`containerd_registries_mirrors` but lacks proper multi-arch support (see -[#8375](https://github.com/kubernetes-sigs/kubespray/issues/8375)): +containerd falls back to `https://{{ prefix }}` when none of the mirrors have the image. +This can be changed with the [`server` field](https://github.com/containerd/containerd/blob/main/docs/hosts.md#server-field): ```yaml -image_command_tool: crictl +containerd_registries_mirrors: + - prefix: docker.io + mirrors: + - host: https://mirror.gcr.io + capabilities: ["pull", "resolve"] + skip_verify: false + - host: https://registry-1.docker.io + capabilities: ["pull", "resolve"] + skip_verify: false + server: https://mirror.example.org ``` The `containerd_registries` and `containerd_insecure_registries` configs are deprecated. diff --git a/roles/container-engine/containerd/templates/hosts.toml.j2 b/roles/container-engine/containerd/templates/hosts.toml.j2 index ea003ed44e7..ef63ff17af2 100644 --- a/roles/container-engine/containerd/templates/hosts.toml.j2 +++ b/roles/container-engine/containerd/templates/hosts.toml.j2 @@ -1,4 +1,4 @@ -server = "https://{{ item.prefix }}" +server = "{{ item.server | default("https://" + item.prefix) }}" {% for mirror in item.mirrors %} [host."{{ mirror.host }}"] capabilities = ["{{ ([ mirror.capabilities ] | flatten ) | join('","') }}"]