Patch: Generic Containerd mirror support #203

Closed
@dkoshkin

Extend the image registries API to also enable Containerd mirror.

spec:
  topology:
    variables:
      - name: clusterConfig
        value:
          imageRegistries:
            credentials:
              - url: https://my-registry.io
                secretRef:
                  name: <optional ref to a Secret that holds the credentials>
                mirror:
                  caSecretRef:
                    name: <optional ref to a Secret that holds a self signed CA>

An image registry can be configured either to pass credentials (already implemented), as a Containerd mirror, or both.

  1. Just a Containerd mirror, see here. Note how the server is removed, since we still want to fall back to the upstream registry if the image is not found in the mirror:

$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── _default
    └── hosts.toml

$ cat /etc/containerd/certs.d/_default/hosts.toml

[host."https://my-registry.io"]
  capabilities = ["pull", "resolve"]

  2. Both a Containerd mirror and credentials provider:
    Configure the same as above for 1, and after here add
          mirror:
            endpoint: "my-registry.io"
            credentialsStrategy: MirrorCredentialsOnly

Pay special attention to the format the URL is expected in, e.g. with port, with path, etc.
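
One way to validate the mirror URL format and render the `_default/hosts.toml` shown above, as an added example that is not code from this project. The function name `renderDefaultHostsTOML` and the CA file path are hypothetical; `ca` is the containerd `hosts.toml` key for a custom CA file.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// renderDefaultHostsTOML returns the body of certs.d/_default/hosts.toml for
// one mirror. caPath is an optional on-node CA bundle path ("" means none).
func renderDefaultHostsTOML(mirror, caPath string) (string, error) {
	u, err := url.Parse(mirror)
	if err != nil {
		return "", fmt.Errorf("parse mirror URL: %w", err)
	}
	// A bare "my-registry.io" or "my-registry.io:5000" has no usable scheme.
	if (u.Scheme != "https" && u.Scheme != "http") || u.Host == "" {
		return "", fmt.Errorf("mirror URL %q must be http(s)://host[:port][/path]", mirror)
	}
	// Credentials belong in the referenced Secret, never in hosts.toml.
	// The URL is not echoed here so a password cannot leak into logs.
	if u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return "", fmt.Errorf("mirror URL must not carry userinfo, query or fragment")
	}
	// Port and path are preserved; only a trailing slash is dropped.
	host := u.Scheme + "://" + u.Host + strings.TrimSuffix(u.Path, "/")

	var b strings.Builder
	// No top-level "server" key: containerd still falls back to the upstream
	// registry when the mirror does not have the image.
	fmt.Fprintf(&b, "[host.%q]\n", host)
	b.WriteString("  capabilities = [\"pull\", \"resolve\"]\n")
	if caPath != "" {
		fmt.Fprintf(&b, "  ca = %q\n", caPath)
	}
	return b.String(), nil
}

func main() {
	// Constructed sample values; the CA path is hypothetical.
	out, err := renderDefaultHostsTOML("https://my-registry.io:5000/", "/etc/certs/mirror-ca.pem")
	if err != nil {
		panic(err)
	}
	fmt.Print(out)
}
```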
