Update containerd registry.local configuration

As part of bootstrap, k8s.gcr.io/pause:3.2 is pulled via crictl from
registry.local with explicitly provided credentials. If this image is
manually removed or removed due to garbage collection, containerd is
unable to pull it from registry.local.

Provide a complete registry.local configuration by:
 - Completing the configuration values for the TLS configuration.
 - Adding the auth setting for the auth configuration.

Change-Id: I52529bb42cda64612a1c202b250db9135241ccc0
Partial-Bug: #1881353
Signed-off-by: Robert Church <robert.church@windriver.com>

puppet-manifests/src/modules/platform/manifests/containerd.pp

@@ -61,6 +61,12 @@ class platform::containerd::config
   # get cni bin directory
   $k8s_cni_bin_dir = $::platform::kubernetes::params::k8s_cni_bin_dir
 
+  # generate the registry auth
+  $registry_auth = chomp(
+    base64('encode',
+      join([$::platform::dockerdistribution::params::registry_username,
+            $::platform::dockerdistribution::params::registry_password], ':')))
+
   if $::platform::network::mgmt::params::subnet_version == $::platform::params::ipv6 {
     $stream_server_address = '::1'
   } else {

puppet-manifests/src/modules/platform/templates/config.toml.erb

@@ -85,15 +85,9 @@ oom_score = 0
 <%- end -%>
         # End of insecure registries
     [plugins.cri.registry.configs."registry.local:9001".tls]
-      ca_file   = "/etc/ssl/private/registry-cert.crt"
-      cert_file = ""
-      key_file  = ""
+      ca_file = "/etc/ssl/private/registry-cert.crt"
     [plugins.cri.registry.configs."registry.local:9001".auth]
-      username = ""
-      password = ""
-      auth = ""
-      identitytoken = ""
-
+      auth = "<%= @registry_auth %>"
     [plugins.cri.x509_key_pair_streaming]
       tls_cert_file = ""
       tls_key_file = ""