From d02910c6754576e5091e98c07fbe9c136e1deb38 Mon Sep 17 00:00:00 2001
From: pando85
Date: Tue, 8 Jul 2025 08:41:27 +0200
Subject: [PATCH] Add header configuration in containerd hosts.toml (#12368)
* Add header configuration in containerd hosts.toml
Signed-off-by: Alexander Gil
* Disable log output on containerd mirrors settings if required
Signed-off-by: Alexander Gil
---------
Signed-off-by: Alexander Gil
---
 inventory/sample/group_vars/all/containerd.yml | 2 ++
 roles/container-engine/containerd/defaults/main.yml | 3 ++-
 roles/container-engine/containerd/tasks/main.yml | 2 ++
 roles/container-engine/containerd/templates/hosts.toml.j2 | 6 ++++++
 4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/inventory/sample/group_vars/all/containerd.yml b/inventory/sample/group_vars/all/containerd.yml
index 906437df0..efa1769fc 100644
--- a/inventory/sample/group_vars/all/containerd.yml
+++ b/inventory/sample/group_vars/all/containerd.yml
@@ -50,6 +50,8 @@
 # - host: https://registry-1.docker.io
 # capabilities: ["pull", "resolve"]
 # skip_verify: false
+# header:
+# Authorization: "Basic XXX"
 # containerd_max_container_log_line_size: 16384
diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 7f76ef331..a0865bd78 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -64,7 +64,8 @@ containerd_registries_mirrors:
 skip_verify: false
 # ca: ["/etc/certs/mirror.pem"]
 # client: [["/etc/certs/client.pem", ""],["/etc/certs/client.cert", "/etc/certs/client.key"]]
-
+# header:
+# Authorization: "Basic XXX"
 containerd_max_container_log_line_size: 16384
 # If enabled it will allow non root users to use port numbers <1024
diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
index fec1410fc..ae726b78d 100644
--- a/roles/container-engine/containerd/tasks/main.yml
+++ b/roles/container-engine/containerd/tasks/main.yml
@@ -73,6 +73,8 @@
 notify: Restart containerd
 - name: Containerd | Configure containerd registries
+ # mirror configuration can contain sensitive information on headers configuration
+ no_log: "{{ not (unsafe_show_logs | bool) }}"
 block:
 - name: Containerd | Create registry directories
 file:
diff --git a/roles/container-engine/containerd/templates/hosts.toml.j2 b/roles/container-engine/containerd/templates/hosts.toml.j2
index b2b16a65f..0f5b3d013 100644
--- a/roles/container-engine/containerd/templates/hosts.toml.j2
+++ b/roles/container-engine/containerd/templates/hosts.toml.j2
@@ -10,4 +10,10 @@ server = "{{ item.server | default("https://" + item.prefix) }}"
 {% if mirror.client is defined %}
 client = [{% for pair in mirror.client %}["{{ pair[0] }}", "{{ pair[1] }}"]{% if not loop.last %},{% endif %}{% endfor %}]
 {% endif %}
+{% if mirror.header is defined %}
+ [host."{{ mirror.host }}".header]
+{% for key, value in mirror.header.items() %}
+ {{ key }} = ["{{ ([ value ] | flatten ) | join('","') }}"]
+{% endfor %}
+{% endif %}
 {% endfor %}
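Review bot: In roles/container-engine/containerd/tasks/main.yml the new `no_log` on the registries block only keeps header values out of Ansible output; the credential is still written to the rendered hosts.toml on every node. The tasks inside the block lie outside the hunk, so the owner and `mode` the template task applies cannot be checked from here; it is worth confirming the file is root-owned and not world-readable (for example `mode: "0600"`). The added comment could also say that the `Authorization` value belongs in Ansible Vault rather than plain group_vars, and that template errors in this block are hidden unless `unsafe_show_logs` is set, e.g. `# headers may hold credentials: keep them in vault; set unsafe_show_logs=true only while debugging`.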
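Review bot: In hosts.toml.j2 the added header lines interpolate `key` and `value` into TOML without escaping, so a value containing a double quote, backslash or newline produces a malformed file or changes what containerd parses, and a key containing a character outside the TOML bare-key set (a dot, for instance) is read as a different key. Emitting both through a serializer avoids this, since JSON strings and arrays of strings are also valid TOML: `{{ key | to_json }} = {{ [ value ] | flatten | map('string') | list | to_json }}`. The inventory is normally operator-controlled, so this is mainly a robustness concern, but header values such as tokens are exactly where unusual characters turn up. The enclosing mirror loop starts outside the hunk, and `mirror.host` in the table header is quoted the same unescaped way as the existing lines.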