-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix remaining corner cases in containerd certs.d support #9341
Milestone
Comments
This was referenced Mar 4, 2024
Validated using k3s version v1.28.8-rc1+k3s1Environment DetailsInfrastructure Node(s) CPU architecture, OS, and Version:
Steps to validate
Results from reproducing the issue:
Results from validating the issue:
Passing CA cert or with insecure_skip_verify doesn’t support loading tls config from the _default/* entry.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There are a couple remaining issues with the new containerd registries.yaml -> certs.d transition:
certs.d/<registry>/hosts.toml
for that registry and as a result containerd will not attempt to use the provided registry endpoints, it will always go out to the default.This is kind of a strange thing to do anyway, so I doubt anyone is doing this.
The docs do not cover use of the wildcard default registry for either
mirrors
orconfigs
, and I don't know if it even worked forconfigs
previously to begin with, and the upstream docs on this are not clear as to whether or not it is expected to work: https://github.com/containerd/containerd/blob/main/docs/hosts.mdUPDATE: It appears that containerd doesn't support loading tls config from the
_default
entry.The text was updated successfully, but these errors were encountered: