Merge "[k8s-fcos] Fix insecure registry"
This commit is contained in:
commit
14aa6830da
|
@ -450,11 +450,11 @@ if [ -f /etc/sysconfig/docker ] ; then
|
|||
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
|
||||
# json-file is required for conformance.
|
||||
# https://docs.docker.com/config/containers/logging/json-file/
|
||||
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker
|
||||
|
||||
DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5"
|
||||
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
||||
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker
|
||||
DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}"
|
||||
fi
|
||||
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker
|
||||
fi
|
||||
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"
|
||||
|
|
|
@ -263,11 +263,11 @@ if [ -f /etc/sysconfig/docker ] ; then
|
|||
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
|
||||
# json-file is required for conformance.
|
||||
# https://docs.docker.com/config/containers/logging/json-file/
|
||||
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker
|
||||
|
||||
DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5"
|
||||
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
|
||||
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker
|
||||
DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}"
|
||||
fi
|
||||
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker
|
||||
fi
|
||||
|
||||
KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}pause:3.1"
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
#
|
||||
# You can use podman or docker to generate the ignition formatted json:
|
||||
# podman run --rm \
|
||||
# -v ./fcct-config.yaml:/config.fcc:z \
|
||||
# quay.io/coreos/fcct:release \
|
||||
# --pretty --strict --input /config.fcc > ./user_data.json
|
||||
# -v $(pwd)/fcct-config.yaml:/config.fcc \
|
||||
# quay.io/coreos/fcct:release \
|
||||
# --pretty --strict /config.fcc > ./user_data.json
|
||||
#
|
||||
# [0] https://github.com/coreos/fcct
|
||||
# [1] https://github.com/coreos/fedora-coreos-docs/blob/master/modules/ROOT/pages/producing-ign.adoc
|
||||
|
@ -69,6 +69,18 @@ storage:
|
|||
# -1 is unlimited
|
||||
# 50m
|
||||
max_log_size = 52428800
|
||||
- path: /etc/containers/__REGISTRIES_CONF__
|
||||
# 420 (decimal) == 644 (octal)
|
||||
mode: 420
|
||||
user:
|
||||
name: root
|
||||
group:
|
||||
name: root
|
||||
append:
|
||||
- inline: |
|
||||
[[registry]]
|
||||
location = "__INSECURE_REGISTRY_URL__"
|
||||
insecure = true
|
||||
- path: /etc/hostname
|
||||
# 420 (decimal) == 644 (octal)
|
||||
mode: 420
|
||||
|
|
|
@ -708,6 +708,14 @@ resources:
|
|||
__HTTPS_PROXY__: {get_param: https_proxy}
|
||||
__NO_PROXY__: {get_param: no_proxy}
|
||||
__SELINUX_MODE__: {get_param: selinux_mode}
|
||||
__INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url}
|
||||
__REGISTRIES_CONF__:
|
||||
if:
|
||||
- equals:
|
||||
- get_param: insecure_registry_url
|
||||
- ""
|
||||
- ".registries.conf"
|
||||
- "registries.conf"
|
||||
|
||||
master_config:
|
||||
type: OS::Heat::SoftwareConfig
|
||||
|
|
|
@ -402,6 +402,14 @@ resources:
|
|||
__HTTPS_PROXY__: {get_param: https_proxy}
|
||||
__NO_PROXY__: {get_param: no_proxy}
|
||||
__SELINUX_MODE__: {get_param: selinux_mode}
|
||||
__INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url}
|
||||
__REGISTRIES_CONF__:
|
||||
if:
|
||||
- equals:
|
||||
- get_param: insecure_registry_url
|
||||
- ""
|
||||
- ".registries.conf"
|
||||
- "registries.conf"
|
||||
|
||||
######################################################################
|
||||
#
|
||||
|
|
|
@ -63,6 +63,21 @@
|
|||
},
|
||||
"mode": 420
|
||||
},
|
||||
{
|
||||
"group": {
|
||||
"name": "root"
|
||||
},
|
||||
"path": "/etc/containers/__REGISTRIES_CONF__",
|
||||
"user": {
|
||||
"name": "root"
|
||||
},
|
||||
"append": [
|
||||
{
|
||||
"source": "data:,%5B%5Bregistry%5D%5D%0Alocation%20%3D%20%22__INSECURE_REGISTRY_URL__%22%0Ainsecure%20%3D%20true%0A"
|
||||
}
|
||||
],
|
||||
"mode": 420
|
||||
},
|
||||
{
|
||||
"group": {
|
||||
"name": "root"
|
||||
|
|
Loading…
Reference in New Issue