cri-o registry auth support (#7837)
* cri-o registry auth support * yaml lint for comments * crio_registry_auth from registry_auth * crio_registry_auth as defaults
This commit is contained in:
kranthi guttikonda
GitHub
parent
e1967b0700
commit
81bf4f9304
5 changed files with 37 additions and 1 deletions
6
inventory/sample/group_vars/all/cri-o.yml
Normal file
6
inventory/sample/group_vars/all/cri-o.yml
Normal file
|
|
@ -0,0 +1,6 @@
|
||||||
|
# crio_insecure_registries:
|
||||||
|
# - 10.0.0.2:5000
|
||||||
|
# crio_registry_auth:
|
||||||
|
# - registry: 10.0.0.2:5000
|
||||||
|
# username: user
|
||||||
|
# password: pass
|
||||||
|
|
@ -14,6 +14,12 @@ crio_registries: []
|
||||||
# Configure insecure registries.
|
# Configure insecure registries.
|
||||||
crio_insecure_registries: []
|
crio_insecure_registries: []
|
||||||
|
|
||||||
|
# Configure registry auth (if applicable to secure/insecure registries)
|
||||||
|
crio_registry_auth: []
|
||||||
|
# - registry: 10.0.0.2:5000
|
||||||
|
# username: user
|
||||||
|
# password: pass
|
||||||
|
|
||||||
# Define registiries mirror
|
# Define registiries mirror
|
||||||
|
|
||||||
crio_registries_mirrors: []
|
crio_registries_mirrors: []
|
||||||
|
|
|
||||||
|
|
@ -80,6 +80,12 @@
|
||||||
mode: 0644
|
mode: 0644
|
||||||
register: config_install
|
register: config_install
|
||||||
|
|
||||||
|
- name: Install config.json
|
||||||
|
template:
|
||||||
|
src: config.json.j2
|
||||||
|
dest: /etc/crio/config.json
|
||||||
|
register: reg_auth_install
|
||||||
|
|
||||||
- name: Add skopeo pkg to install
|
- name: Add skopeo pkg to install
|
||||||
set_fact:
|
set_fact:
|
||||||
crio_packages: "{{ crio_packages + skopeo_packages }}"
|
crio_packages: "{{ crio_packages + skopeo_packages }}"
|
||||||
|
|
@ -198,6 +204,7 @@
|
||||||
state: restarted
|
state: restarted
|
||||||
when:
|
when:
|
||||||
- config_install.changed
|
- config_install.changed
|
||||||
|
- reg_auth_install.changed
|
||||||
- not package_install.changed
|
- not package_install.changed
|
||||||
- not service_start.changed
|
- not service_start.changed
|
||||||
|
|
||||||
|
|
|
||||||
17
roles/container-engine/cri-o/templates/config.json.j2
Normal file
17
roles/container-engine/cri-o/templates/config.json.j2
Normal file
|
|
@ -0,0 +1,17 @@
|
||||||
|
{% if crio_registry_auth is defined and crio_registry_auth|length %}
|
||||||
|
{
|
||||||
|
{% for reg in crio_registry_auth %}
|
||||||
|
"auths": {
|
||||||
|
"{{ reg.registry }}": {
|
||||||
|
"auth": "{{ (reg.username + ':' + reg.password) | string | b64encode }}"
|
||||||
|
}
|
||||||
|
{% if not loop.last %}
|
||||||
|
},
|
||||||
|
{% else %}
|
||||||
|
}
|
||||||
|
{% endif %}
|
||||||
|
{% endfor %}
|
||||||
|
}
|
||||||
|
{% else %}
|
||||||
|
{}
|
||||||
|
{% endif %}
|
||||||
|
|
@ -313,7 +313,7 @@ default_transport = "docker://"
|
||||||
|
|
||||||
# The path to a file containing credentials necessary for pulling images from
|
# The path to a file containing credentials necessary for pulling images from
|
||||||
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
|
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
|
||||||
global_auth_file = ""
|
global_auth_file = "/etc/crio/config.json"
|
||||||
|
|
||||||
# The image used to instantiate infra containers.
|
# The image used to instantiate infra containers.
|
||||||
# This option supports live configuration reload.
|
# This option supports live configuration reload.
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue