Browse Source
cri-o registry auth support (#7837)
* cri-o registry auth support
* yaml lint for comments
* crio_registry_auth from registry_auth
* crio_registry_auth as defaults
pull/7933/head
kranthi guttikonda
3 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with
37 additions and
1 deletions
-
inventory/sample/group_vars/all/cri-o.yml
-
roles/container-engine/cri-o/defaults/main.yml
-
roles/container-engine/cri-o/tasks/main.yaml
-
roles/container-engine/cri-o/templates/config.json.j2
-
roles/container-engine/cri-o/templates/crio.conf.j2
|
|
|
@ -0,0 +1,6 @@ |
|
|
|
# crio_insecure_registries: |
|
|
|
# - 10.0.0.2:5000 |
|
|
|
# crio_registry_auth: |
|
|
|
# - registry: 10.0.0.2:5000 |
|
|
|
# username: user |
|
|
|
# password: pass |
|
|
|
@ -14,6 +14,12 @@ crio_registries: [] |
|
|
|
# Configure insecure registries. |
|
|
|
crio_insecure_registries: [] |
|
|
|
|
|
|
|
# Configure registry auth (if applicable to secure/insecure registries) |
|
|
|
crio_registry_auth: [] |
|
|
|
# - registry: 10.0.0.2:5000 |
|
|
|
# username: user |
|
|
|
# password: pass |
|
|
|
|
|
|
|
# Define registiries mirror |
|
|
|
|
|
|
|
crio_registries_mirrors: [] |
|
|
|
|
|
|
|
@ -80,6 +80,12 @@ |
|
|
|
mode: 0644 |
|
|
|
register: config_install |
|
|
|
|
|
|
|
- name: Install config.json |
|
|
|
template: |
|
|
|
src: config.json.j2 |
|
|
|
dest: /etc/crio/config.json |
|
|
|
register: reg_auth_install |
|
|
|
|
|
|
|
- name: Add skopeo pkg to install |
|
|
|
set_fact: |
|
|
|
crio_packages: "{{ crio_packages + skopeo_packages }}" |
|
|
|
@ -198,6 +204,7 @@ |
|
|
|
state: restarted |
|
|
|
when: |
|
|
|
- config_install.changed |
|
|
|
- reg_auth_install.changed |
|
|
|
- not package_install.changed |
|
|
|
- not service_start.changed |
|
|
|
|
|
|
|
|
|
|
|
@ -0,0 +1,17 @@ |
|
|
|
{% if crio_registry_auth is defined and crio_registry_auth|length %} |
|
|
|
{ |
|
|
|
{% for reg in crio_registry_auth %} |
|
|
|
"auths": { |
|
|
|
"{{ reg.registry }}": { |
|
|
|
"auth": "{{ (reg.username + ':' + reg.password) | string | b64encode }}" |
|
|
|
} |
|
|
|
{% if not loop.last %} |
|
|
|
}, |
|
|
|
{% else %} |
|
|
|
} |
|
|
|
{% endif %} |
|
|
|
{% endfor %} |
|
|
|
} |
|
|
|
{% else %} |
|
|
|
{} |
|
|
|
{% endif %} |
|
|
|
@ -313,7 +313,7 @@ default_transport = "docker://" |
|
|
|
|
|
|
|
# The path to a file containing credentials necessary for pulling images from |
|
|
|
# secure registries. The file is similar to that of /var/lib/kubelet/config.json |
|
|
|
global_auth_file = "" |
|
|
|
global_auth_file = "/etc/crio/config.json" |
|
|
|
|
|
|
|
# The image used to instantiate infra containers. |
|
|
|
# This option supports live configuration reload. |
|
|
|
|
