diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh index 88d3b3e861..91252b607a 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-master.sh @@ -450,11 +450,11 @@ if [ -f /etc/sysconfig/docker ] ; then sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker # json-file is required for conformance. # https://docs.docker.com/config/containers/logging/json-file/ - sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker - + DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5" if [ -n "${INSECURE_REGISTRY_URL}" ]; then - echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker + DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}" fi + sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker fi KUBELET_ARGS="${KUBELET_ARGS} --network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin" diff --git a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh index 2f47c43ef2..7a52e56ff0 100644 --- a/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh +++ b/magnum/drivers/common/templates/kubernetes/fragments/configure-kubernetes-minion.sh @@ -263,11 +263,11 @@ if [ -f /etc/sysconfig/docker ] ; then sed -i 's/\-\-log\-driver\=journald//g' /etc/sysconfig/docker # json-file is required for conformance. # https://docs.docker.com/config/containers/logging/json-file/ - sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5 /' /etc/sysconfig/docker - + DOCKER_OPTIONS="--log-driver=json-file --log-opt max-size=10m --log-opt max-file=5" if [ -n "${INSECURE_REGISTRY_URL}" ]; then - echo "INSECURE_REGISTRY='--insecure-registry ${INSECURE_REGISTRY_URL}'" >> /etc/sysconfig/docker + DOCKER_OPTIONS="${DOCKER_OPTIONS} --insecure-registry ${INSECURE_REGISTRY_URL}" fi + sed -i -E 's/^OPTIONS=("|'"'"')/OPTIONS=\1'"${DOCKER_OPTIONS}"' /' /etc/sysconfig/docker fi KUBELET_ARGS="${KUBELET_ARGS} --pod-infra-container-image=${CONTAINER_INFRA_PREFIX:-gcr.io/google_containers/}pause:3.1" diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml index c31c0dbdcf..47896f675a 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/fcct-config.yaml @@ -5,9 +5,9 @@ # # You can use podman or docker to generate the ignition formatted json: # podman run --rm \ -# -v ./fcct-config.yaml:/config.fcc:z \ -# quay.io/coreos/fcct:release \ -# --pretty --strict --input /config.fcc > ./user_data.json +# -v $(pwd)/fcct-config.yaml:/config.fcc \ +# quay.io/coreos/fcct:release \ +# --pretty --strict /config.fcc > ./user_data.json # # [0] https://github.com/coreos/fcct # [1] https://github.com/coreos/fedora-coreos-docs/blob/master/modules/ROOT/pages/producing-ign.adoc @@ -69,6 +69,18 @@ storage: # -1 is unlimited # 50m max_log_size = 52428800 + - path: /etc/containers/__REGISTRIES_CONF__ + # 420 (decimal) == 644 (octal) + mode: 420 + user: + name: root + group: + name: root + append: + - inline: | + [[registry]] + location = "__INSECURE_REGISTRY_URL__" + insecure = true - path: /etc/hostname # 420 (decimal) == 644 (octal) mode: 420 diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml index 4ee303358e..f5b06c3f2d 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubemaster.yaml @@ -708,6 +708,14 @@ resources: __HTTPS_PROXY__: {get_param: https_proxy} __NO_PROXY__: {get_param: no_proxy} __SELINUX_MODE__: {get_param: selinux_mode} + __INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url} + __REGISTRIES_CONF__: + if: + - equals: + - get_param: insecure_registry_url + - "" + - ".registries.conf" + - "registries.conf" master_config: type: OS::Heat::SoftwareConfig diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml index 3e4f040272..f058b87daf 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/kubeminion.yaml @@ -402,6 +402,14 @@ resources: __HTTPS_PROXY__: {get_param: https_proxy} __NO_PROXY__: {get_param: no_proxy} __SELINUX_MODE__: {get_param: selinux_mode} + __INSECURE_REGISTRY_URL__: {get_param: insecure_registry_url} + __REGISTRIES_CONF__: + if: + - equals: + - get_param: insecure_registry_url + - "" + - ".registries.conf" + - "registries.conf" ###################################################################### # diff --git a/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json b/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json index 898292e9b4..acd54ff6c5 100644 --- a/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json +++ b/magnum/drivers/k8s_fedora_coreos_v1/templates/user_data.json @@ -63,6 +63,21 @@ }, "mode": 420 }, + { + "group": { + "name": "root" + }, + "path": "/etc/containers/__REGISTRIES_CONF__", + "user": { + "name": "root" + }, + "append": [ + { + "source": "data:,%5B%5Bregistry%5D%5D%0Alocation%20%3D%20%22__INSECURE_REGISTRY_URL__%22%0Ainsecure%20%3D%20true%0A" + } + ], + "mode": 420 + }, { "group": { "name": "root"