Allow airgapped CRI-O installation (#6927)
This commit is contained in:
parent
97ff67e54a
commit
17fb1ceed8
3 changed files with 15 additions and 2 deletions
|
@ -11,6 +11,9 @@ crio_pause_image: "{{ pod_infra_image_repo }}:{{ pod_infra_version }}"
|
||||||
# By default unqualified images are not allowed for security reasons
|
# By default unqualified images are not allowed for security reasons
|
||||||
crio_registries: []
|
crio_registries: []
|
||||||
|
|
||||||
|
# Configure insecure registries.
|
||||||
|
crio_insecure_registries: []
|
||||||
|
|
||||||
crio_seccomp_profile: ""
|
crio_seccomp_profile: ""
|
||||||
crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}"
|
crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}"
|
||||||
crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}"
|
crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}"
|
||||||
|
@ -50,3 +53,7 @@ kata_runtimes:
|
||||||
path: /opt/kata/bin/kata-qemu
|
path: /opt/kata/bin/kata-qemu
|
||||||
type: oci
|
type: oci
|
||||||
root: /run/kata-containers
|
root: /run/kata-containers
|
||||||
|
|
||||||
|
# When this is true, CRI-O package repositories are added. Set this to false when using an
|
||||||
|
# environment with preconfigured CRI-O package repositories.
|
||||||
|
crio_add_repos: true
|
||||||
|
|
|
@ -39,7 +39,9 @@
|
||||||
- (ansible_distribution_major_version | int) >= 31
|
- (ansible_distribution_major_version | int) >= 31
|
||||||
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
|
- ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] is not defined or ansible_proc_cmdline['systemd.unified_cgroup_hierarchy'] != '0'
|
||||||
|
|
||||||
- import_tasks: "crio_repo.yml"
|
- name: import crio repo
|
||||||
|
import_tasks: "crio_repo.yml"
|
||||||
|
when: crio_add_repos
|
||||||
|
|
||||||
- import_tasks: "crictl.yml"
|
- import_tasks: "crictl.yml"
|
||||||
|
|
||||||
|
|
|
@ -339,7 +339,11 @@ signature_policy = "{{ crio_signature_policy }}"
|
||||||
# List of registries to skip TLS verification for pulling images. Please
|
# List of registries to skip TLS verification for pulling images. Please
|
||||||
# consider configuring the registries via /etc/containers/registries.conf before
|
# consider configuring the registries via /etc/containers/registries.conf before
|
||||||
# changing them here.
|
# changing them here.
|
||||||
#insecure_registries = "[]"
|
insecure_registries = [
|
||||||
|
{% for insecure_registry in crio_insecure_registries %}
|
||||||
|
"{{ insecure_registry }}",
|
||||||
|
{% endfor %}
|
||||||
|
]
|
||||||
|
|
||||||
# Controls how image volumes are handled. The valid values are mkdir, bind and
|
# Controls how image volumes are handled. The valid values are mkdir, bind and
|
||||||
# ignore; the latter will ignore volumes entirely.
|
# ignore; the latter will ignore volumes entirely.
|
||||||
|
|
Loading…
Reference in a new issue