add containerd registry mirror certificate configuration #11857
Conversation
k8s-ci-robot
added
release-note
k8s-ci-robot
added
needs-ok-to-test
|
Hi @KubeKyrie. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
| {% if mirror.ca is string %} | ||
| ca = "{{ mirror.ca }}" | ||
| {% elif mirror.ca is sequence %} | ||
| ca = ["{{ ([ mirror.ca ] | flatten ) | join('","') }}"] |
There was a problem hiding this comment.
ca as a list is ok, such as ca: [one, two], but client is different. Client could be like client = "/etc/certs/client.pem", client = ["/etc/certs/client-1.pem", "/etc/certs/client-2.pem"] or client = [["/etc/certs/client.cert", "/etc/certs/client.key"],["/etc/certs/client.pem", ""]]
I don't know how to deal with it, could u please give me some help? Thanks.
There was a problem hiding this comment.
Is there one form which can express everything possible with containerd config ?
In that case, just use that one and don't consider the others . We don't have to be able to template the full possible form of containerd configuration, as long as we can do everything which should be possible.
There was a problem hiding this comment.
@VannTen PTAL, thanks very much.
There was a problem hiding this comment.
I think, we should use the most expressive version (#3) :
- client = "client.pem"
- client = ["client.pem"]
- client = [["client.pem", ""]]
As others can't do:
3. client = [["client.pem", "client.key"]]
KubeKyrie
force-pushed
the
add-containerd-registry-certificate
branch
from
ed099fd to
b231d30
Compare
k8s-ci-robot
added
size/XS
Signed-off-by: KubeKyrie <[email protected]>
KubeKyrie
force-pushed
the
add-containerd-registry-certificate
branch
from
b231d30 to
f05b6df
Compare
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ant31, KubeKyrie The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What type of PR is this?
/kind feature
What this PR does / why we need it:
Support configre containerd with private registry certificates. See https://github.com/containerd/containerd/blob/main/docs/hosts.md
And I update containerd hosts.toml to support it.
Which issue(s) this PR fixes:
Fixes #11853
Special notes for your reviewer:
I have tested all cases including
clienttype is a path or an array of paths or an array of pairs of paths.Does this PR introduce a user-facing change?: