add crio registry mirror support (#6977)

* add crio registry mirror support * mdlint fix
4 years ago · ed6cef85d8
5 changed files with 66 additions and 2 deletions
--- a/docs/cri-o.md
+++ b/docs/cri-o.md
@ -8,7 +8,7 @@ Kubespray supports basic functionality for using CRI-O as the default container

 _To use the CRI-O container runtime set the following variables:_

-## all.yml
+## all/all.yml

 ```yaml
 download_container: false
@ -16,7 +16,7 @@ skip_downloads: false
 etcd_kubeadm_enabled: true
 ```

-## k8s-cluster.yml
+## k8s-cluster/k8s-cluster.yml

 ```yaml
 container_manager: crio
@ -28,4 +28,21 @@ container_manager: crio
 etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled
 ```

+## all/crio.yml
+
+Enable docker hub registry mirrors
+
+```yaml
+crio_registries_mirrors:
+  - prefix: docker.io
+    insecure: false
+    blocked: false
+    location: registry-1.docker.io
+    mirrors:
+      - location: 192.168.100.100:5000
+        insecure: true
+      - location: mirror.gcr.io
+        insecure: false
+```
+
 [CRI-O]: https://cri-o.io/
--- a/roles/container-engine/cri-o/defaults/main.yml
+++ b/roles/container-engine/cri-o/defaults/main.yml
@ -14,6 +14,19 @@ crio_registries: []
 # Configure insecure registries.
 crio_insecure_registries: []

+# Define registiries mirror
+
+crio_registries_mirrors: []
+#  - prefix: docker.io
+#    insecure: false
+#    blocked: false
+#    location: registry-1.docker.io
+#    mirrors:
+#      - location: 172.20.100.52:5000
+#        insecure: true
+#      - location: mirror.gcr.io
+#        insecure: false
+
 crio_seccomp_profile: ""
 crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}"
 crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}"
--- a/roles/container-engine/cri-o/tasks/main.yaml
+++ b/roles/container-engine/cri-o/tasks/main.yaml
@ -145,6 +145,20 @@
    - ansible_distribution == "CentOS"
    - ansible_distribution_major_version == "7"

+- name: Create directory registries configs
+  file:
+    path: /etc/containers/registries.conf.d
+    state: directory
+    owner: root
+    mode: 0755
+
+- name: Write registries mirror configs
+  template:
+    src: registry-mirror.conf.j2
+    dest: "/etc/containers/registries.conf.d/{{ item.prefix }}.conf"
+  loop: "{{ crio_registries_mirrors }}"
+  notify: restart crio
+
 - name: Write cri-o proxy drop-in
  template:
    src: http-proxy.conf.j2
--- a/roles/container-engine/cri-o/templates/registry-mirror.conf.j2
+++ b/roles/container-engine/cri-o/templates/registry-mirror.conf.j2
@ -0,0 +1,11 @@
+[[registry]]
+prefix = "{{ item.prefix }}"
+insecure = {{ item.insecure | d('false') | string | lower }}
+blocked = {{ item.blocked | d('false') | string | lower }}
+location = "{{ item.location | d(item.prefix) }}"
+{% for mirror in item.mirrors %}
+
+[[registry.mirror]]
+location = "{{ mirror.location }}"
+insecure = {{ mirror.insecure | d ('false') | string | lower }}
+{% endfor %}
--- a/tests/common/_docker_hub_registry_mirror.yml
+++ b/tests/common/_docker_hub_registry_mirror.yml
@ -13,3 +13,12 @@ containerd_config:
      - "https://mirror.gcr.io"
      - "https://registry-1.docker.io"
  max_container_log_line_size: -1
+
+crio_registries_mirrors:
+  - prefix: docker.io
+    insecure: false
+    blocked: false
+    location: registry-1.docker.io
+    mirrors:
+      - location: mirror.gcr.io
+        insecure: false