Browse Source

Merge "[k8s-fcos] Fix insecure registry"

changes/26/765126/2
Zuul 2 months ago
committed by Gerrit Code Review
parent
commit
14aa6830da
6 changed files with 52 additions and 9 deletions
  1. +3
    -3
      magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh
  2. +3
    -3
      magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh
  3. +15
    -3
      magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml
  4. +8
    -0
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml
  5. +8
    -0
      magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml
  6. +15
    -0
      magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json

+ 3
- 3
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh View File

@ -450,11 +450,11 @@ if [ -f /etc/sysconfig/docker ] ; then
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
# json-file is required for conformance.
# https://docs.docker.com/config/containers/logging/json-file/
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker
DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5"
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker
DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}"
fi
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker
fi
KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin"


+ 3
- 3
magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh View File

@ -263,11 +263,11 @@ if [ -f /etc/sysconfig/docker ] ; then
sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker
# json-file is required for conformance.
# https://docs.docker.com/config/containers/logging/json-file/
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker
DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5"
if [ -n "${INSECURE_REGISTRY_URL}" ]; then
echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker
DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}"
fi
sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker
fi
KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}pause:3.1"


+ 15
- 3
magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml View File

@ -5,9 +5,9 @@
#
# You can use podman or docker to generate the ignition formatted json:
# podman run --rm \
# -v ./fcct-config.yaml:/config.fcc:z \
# quay.io/coreos/fcct:release \
# --pretty --strict --input /config.fcc > ./user_data.json
# -v $(pwd)/fcct-config.yaml:/config.fcc \
# quay.io/coreos/fcct:release \
# --pretty --strict /config.fcc > ./user_data.json
#
# [0] https://github.com/coreos/fcct
# [1] https://github.com/coreos/fedora-coreos-docs/blob/master/modules/ROOT/pages/producing-ign.adoc
@ -69,6 +69,18 @@ storage:
# -1 is unlimited
# 50m
max_log_size = 52428800
- path: /etc/containers/__REGISTRIES_CONF__
# 420 (decimal) == 644 (octal)
mode: 420
user:
name: root
group:
name: root
append:
- inline: |
[[registry]]
location = "__INSECURE_REGISTRY_URL__"
insecure = true
- path: /etc/hostname
# 420 (decimal) == 644 (octal)
mode: 420


+ 8
- 0
magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml View File

@ -708,6 +708,14 @@ resources:
__HTTPS_PROXY__: {get_param: https_proxy}
__NO_PROXY__: {get_param: no_proxy}
__SELINUX_MODE__: {get_param: selinux_mode}
__INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url}
__REGISTRIES_CONF__:
if:
- equals:
- get_param: insecure_registry_url
- ""
- ".registries.conf"
- "registries.conf"
master_config:
type: OS::Heat::SoftwareConfig


+ 8
- 0
magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml View File

@ -402,6 +402,14 @@ resources:
__HTTPS_PROXY__: {get_param: https_proxy}
__NO_PROXY__: {get_param: no_proxy}
__SELINUX_MODE__: {get_param: selinux_mode}
__INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url}
__REGISTRIES_CONF__:
if:
- equals:
- get_param: insecure_registry_url
- ""
- ".registries.conf"
- "registries.conf"
######################################################################
#


+ 15
- 0
magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json View File

@ -63,6 +63,21 @@
},
"mode": 420
},
{
"group": {
"name": "root"
},
"path": "/etc/containers/__REGISTRIES_CONF__",
"user": {
"name": "root"
},
"append": [
{
"source": "data:,%5B%5Bregistry%5D%5D%0Alocation%20%3D%20%22__INSECURE_REGISTRY_URL__%22%0Ainsecure%20%3D%20true%0A"
}
],
"mode": 420
},
{
"group": {
"name": "root"


Loading…
Cancel
Save