add crio registry mirror support (#6977)

* add crio registry mirror support

* mdlint fix
This commit is contained in:
Sergey 2020-12-04 00:57:25 +03:00 committed by GitHub
parent d315f73080
commit ed6cef85d8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 66 additions and 2 deletions

View file

@ -8,7 +8,7 @@ Kubespray supports basic functionality for using CRI-O as the default container
_To use the CRI-O container runtime set the following variables:_ _To use the CRI-O container runtime set the following variables:_
## all.yml ## all/all.yml
```yaml ```yaml
download_container: false download_container: false
@ -16,7 +16,7 @@ skip_downloads: false
etcd_kubeadm_enabled: true etcd_kubeadm_enabled: true
``` ```
## k8s-cluster.yml ## k8s-cluster/k8s-cluster.yml
```yaml ```yaml
container_manager: crio container_manager: crio
@ -28,4 +28,21 @@ container_manager: crio
etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled etcd_deployment_type: host # optionally and mutually exclusive with etcd_kubeadm_enabled
``` ```
## all/crio.yml
Enable docker hub registry mirrors
```yaml
crio_registries_mirrors:
- prefix: docker.io
insecure: false
blocked: false
location: registry-1.docker.io
mirrors:
- location: 192.168.100.100:5000
insecure: true
- location: mirror.gcr.io
insecure: false
```
[CRI-O]: https://cri-o.io/ [CRI-O]: https://cri-o.io/

View file

@ -14,6 +14,19 @@ crio_registries: []
# Configure insecure registries. # Configure insecure registries.
crio_insecure_registries: [] crio_insecure_registries: []
# Define registiries mirror
crio_registries_mirrors: []
# - prefix: docker.io
# insecure: false
# blocked: false
# location: registry-1.docker.io
# mirrors:
# - location: 172.20.100.52:5000
# insecure: true
# - location: mirror.gcr.io
# insecure: false
crio_seccomp_profile: "" crio_seccomp_profile: ""
crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}" crio_selinux: "{{ (preinstall_selinux_state == 'enforcing')|lower }}"
crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}" crio_signature_policy: "{% if ansible_os_family == 'ClearLinux' %}/usr/share/defaults/crio/policy.json{% endif %}"

View file

@ -145,6 +145,20 @@
- ansible_distribution == "CentOS" - ansible_distribution == "CentOS"
- ansible_distribution_major_version == "7" - ansible_distribution_major_version == "7"
- name: Create directory registries configs
file:
path: /etc/containers/registries.conf.d
state: directory
owner: root
mode: 0755
- name: Write registries mirror configs
template:
src: registry-mirror.conf.j2
dest: "/etc/containers/registries.conf.d/{{ item.prefix }}.conf"
loop: "{{ crio_registries_mirrors }}"
notify: restart crio
- name: Write cri-o proxy drop-in - name: Write cri-o proxy drop-in
template: template:
src: http-proxy.conf.j2 src: http-proxy.conf.j2

View file

@ -0,0 +1,11 @@
[[registry]]
prefix = "{{ item.prefix }}"
insecure = {{ item.insecure | d('false') | string | lower }}
blocked = {{ item.blocked | d('false') | string | lower }}
location = "{{ item.location | d(item.prefix) }}"
{% for mirror in item.mirrors %}
[[registry.mirror]]
location = "{{ mirror.location }}"
insecure = {{ mirror.insecure | d ('false') | string | lower }}
{% endfor %}

View file

@ -13,3 +13,12 @@ containerd_config:
- "https://mirror.gcr.io" - "https://mirror.gcr.io"
- "https://registry-1.docker.io" - "https://registry-1.docker.io"
max_container_log_line_size: -1 max_container_log_line_size: -1
crio_registries_mirrors:
- prefix: docker.io
insecure: false
blocked: false
location: registry-1.docker.io
mirrors:
- location: mirror.gcr.io
insecure: false