Update containerd registry.local configuration
As part of bootstrap, k8s.gcr.io/pause:3.2 is pulled via crictl from registry.local with explicitly provided credentials. If this image is manually removed or removed due to garbage collection, containerd is unable to pull it from registry.local. Provide a complete registry.local configuration by: - Completing the configuration values for the TLS configuration. - Adding the auth setting for the auth configuration. Change-Id: I52529bb42cda64612a1c202b250db9135241ccc0 Partial-Bug: #1881353 Signed-off-by: Robert Church <robert.church@windriver.com>
This commit is contained in:
parent
3d48bb182e
commit
048a95bf15
|
@ -61,6 +61,12 @@ class platform::containerd::config
|
|||
# get cni bin directory
|
||||
$k8s_cni_bin_dir = $::platform::kubernetes::params::k8s_cni_bin_dir
|
||||
|
||||
# generate the registry auth
|
||||
$registry_auth = chomp(
|
||||
base64('encode',
|
||||
join([$::platform::dockerdistribution::params::registry_username,
|
||||
$::platform::dockerdistribution::params::registry_password], ':')))
|
||||
|
||||
if $::platform::network::mgmt::params::subnet_version == $::platform::params::ipv6 {
|
||||
$stream_server_address = '::1'
|
||||
} else {
|
||||
|
|
|
@ -85,15 +85,9 @@ oom_score = 0
|
|||
<%- end -%>
|
||||
# End of insecure registries
|
||||
[plugins.cri.registry.configs."registry.local:9001".tls]
|
||||
ca_file = "/etc/ssl/private/registry-cert.crt"
|
||||
cert_file = ""
|
||||
key_file = ""
|
||||
ca_file = "/etc/ssl/private/registry-cert.crt"
|
||||
[plugins.cri.registry.configs."registry.local:9001".auth]
|
||||
username = ""
|
||||
password = ""
|
||||
auth = ""
|
||||
identitytoken = ""
|
||||
|
||||
auth = "<%= @registry_auth %>"
|
||||
[plugins.cri.x509_key_pair_streaming]
|
||||
tls_cert_file = ""
|
||||
tls_key_file = ""
|
||||
|
|
Loading…
Reference in New Issue