update tls template config for containerd 1.3.x #34
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://bugs.launchpad.net/charm-containerd/+bug/1853653
Containerd updated the
config.toml
sections related totls
in 1.3.x:containerd/cri#1227
This affects our ability to relate
containerd
units todocker-registry
units that have tls enabled. This PR updates the config template to use the current 1.3.x syntax.Without this:
With it:
$ sudo ./crictl --runtime-endpoint=unix:///var/run/containerd/containerd.sock pull 172.31.20.67:5000/defaultbackend-amd64:1.5 Image is up to date for sha256:b5af743e598496e8ebd7a6eb3fea76a6464041581520d1c2315c95f993287303
Note 1: Afaict,
containerd-1.2.x
(which ships with xenial) never supported custom tls with a registry. Even with these tls bits in theconfig.toml
of a xenial deployment, they don't appear in the runtime config:We could introduce a new template variable based on the apt version and only render 1.3 bits when running 1.3. I didn't do that here because it seemed unnecessary since invalid config is silently ignored.
Note 2: The
auths
section of theconfig.toml
has also had a syntax change; the old syntax is deprecated, but still works for 1.3.x. I opted to leave the old syntax in place to ensure any xenial (containerd 1.2.x) deployments would continue to work if upgraded to this charm.