Marat Talipov
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with
23 additions and
0 deletions
-
inventory/sample/group_vars/all/containerd.yml
-
roles/container-engine/containerd/templates/config.toml.j2
-
roles/kubespray-defaults/defaults/main.yaml
|
|
|
@ -28,6 +28,14 @@ |
|
|
|
|
|
|
|
# containerd_metrics_grpc_histogram: false |
|
|
|
|
|
|
|
## An obvious use case is allowing insecure-registry access to self hosted registries. |
|
|
|
## Can be ipaddress and domain_name. |
|
|
|
## example define mirror.registry.io or 172.19.16.11:5000 |
|
|
|
## Port number is also needed if the default HTTPS port is not used. |
|
|
|
# containerd_insecure_registries: |
|
|
|
# - mirror.registry.io |
|
|
|
# - 172.19.16.11:5000 |
|
|
|
|
|
|
|
# containerd_registries: |
|
|
|
# "docker.io": "https://registry-1.docker.io" |
|
|
|
|
|
|
|
|
|
|
|
@ -54,6 +54,12 @@ oom_score = {{ containerd_oom_score }} |
|
|
|
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"] |
|
|
|
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"] |
|
|
|
{% endfor %} |
|
|
|
{% for addr in containerd_insecure_registries %} |
|
|
|
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ addr }}"] |
|
|
|
endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"] |
|
|
|
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls] |
|
|
|
insecure_skip_verify = true |
|
|
|
{% endfor %} |
|
|
|
{% for registry in containerd_registry_auth if registry['registry'] is defined %} |
|
|
|
{% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %} |
|
|
|
[plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth] |
|
|
|
|
|
|
|
@ -346,6 +346,15 @@ containerd_use_systemd_cgroup: true |
|
|
|
# Docker options - this is relevant when container_manager == 'docker' |
|
|
|
docker_containerd_version: 1.4.12 |
|
|
|
|
|
|
|
## An obvious use case is allowing insecure-registry access to self hosted registries. |
|
|
|
## Can be ipaddress and domain_name. |
|
|
|
## example define mirror.registry.io or 172.19.16.11:5000 |
|
|
|
## Port number is also needed if the default HTTPS port is not used. |
|
|
|
# containerd_insecure_registries: |
|
|
|
# - mirror.registry.io |
|
|
|
# - 172.19.16.11:5000 |
|
|
|
containerd_insecure_registries: [] |
|
|
|
|
|
|
|
# Settings for containerized control plane (etcd/kubelet/secrets) |
|
|
|
# deployment type for legacy etcd mode |
|
|
|
etcd_deployment_type: host |
|
|
|
|
