Update config.toml.j2 (#8340)

* Update config.toml.j2 i think this commit code is not completed works exam registry address : a.com:5000 insecure registry must be http://a.com:5000 but this code add insecure a.com:5000 (without http://) If there is no http, containerd accesses with https even if insecure_skip_verify = true solution is code edit * Update config.toml.j2 * Update containerd.yml * Update containerd.yml * Update containerd.yml * Update config.toml.j2
3 years ago · dda557ed23
2 changed files with 8 additions and 5 deletions
--- a/inventory/sample/group_vars/all/containerd.yml
+++ b/inventory/sample/group_vars/all/containerd.yml
@ -33,10 +33,11 @@
 ## An obvious use case is allowing insecure-registry access to self hosted registries.
 ## Can be ipaddress and domain_name.
 ## example define mirror.registry.io or 172.19.16.11:5000
+## set "name": "url". insecure url must be started http://
 ## Port number is also needed if the default HTTPS port is not used.
 # containerd_insecure_registries:
-#   - mirror.registry.io
-#   - 172.19.16.11:5000
+#   "localhost": "http://127.0.0.1"
+#   "172.19.16.11:5000": "http://172.19.16.11:5000"

 # containerd_registries:
 #   "docker.io": "https://registry-1.docker.io"
--- a/roles/container-engine/containerd/templates/config.toml.j2
+++ b/roles/container-engine/containerd/templates/config.toml.j2
@ -54,12 +54,14 @@ oom_score = {{ containerd_oom_score }}
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
          endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
 {% endfor %}
-{% for addr in containerd_insecure_registries %}
-        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ addr }}"]
+{% if containerd_insecure_registries is defined and containerd_insecure_registries|length>0 %}
+{% for registry, addr in containerd_insecure_registries.items() %}
+        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."{{ registry }}"]
          endpoint = ["{{ ([ addr ] | flatten ) | join('","') }}"]
-        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ addr }}".tls]
+        [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry }}".tls]
          insecure_skip_verify = true
 {% endfor %}
+{% endif %}
 {% for registry in containerd_registry_auth if registry['registry'] is defined %}
 {% if (registry['username'] is defined and registry['password'] is defined) or registry['auth'] is defined %}
      [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ registry['registry'] }}".auth]