Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Release-1.28] - Fix remaining corner cases in containerd certs.d support #9637

Closed
brandond opened this issue Mar 4, 2024 · 1 comment
Closed
Assignees
Milestone

Comments

@brandond
Copy link
Member

brandond commented Mar 4, 2024

Backport fix for Fix remaining corner cases in containerd certs.d support

@ShylajaDevadiga
Copy link
Contributor

Validated using k3s version v1.28.8-rc1+k3s1

Environment Details

Infrastructure
Cloud EC2 instance

Node(s) CPU architecture, OS, and Version:
Ubuntu 22.04

$ cat /etc/rancher/k3s/registries.yaml 
---
mirrors:
  docker.io:
    endpoint:
      - https://registry.example.com
      - docker.io
  k8s.gcr.io:
    endpoint:
      - https://registry.example.com
      - k8s.gcr.io
configs:
  registry.example.com:
    auth:
      username: testusername
      password: testpassword
    tls:
      ca_file: /home/ubuntu/ca.pem

Steps to validate

  1. Configure private registry
  2. Create the registries.yaml with the last registry in the endpoint list as the default to /etc/rancher/k3s
  3. Install k3s.
  4. Validate certs.d//hosts.toml is generated

Results from reproducing the issue:

$ k3s -v
k3s version v1.28.7+k3s1 (051b14b2)
go version go1.21.7

$ sudo cat  /var/lib/rancher/k3s/agent/etc/containerd/certs.d/docker.io/hosts.toml
cat: /var/lib/rancher/k3s/agent/etc/containerd/certs.d/docker.io/hosts.toml: No such file or directory

Results from validating the issue:

$ k3s -v
k3s version v1.28.8-rc1+k3s1 (653dd61a)
go version go1.21.8

$ sudo cat  /var/lib/rancher/k3s/agent/etc/containerd/certs.d/k8s.gcr.io/hosts.toml
# File generated by k3s. DO NOT EDIT.

server = "https://k8s.gcr.io/v2"
capabilities = ["pull", "resolve", "push"]



[host."https://registry.example.com/v2"]
  capabilities = ["pull", "resolve"]
  ca = ["/home/ubuntu/ca.pem"]

$ sudo cat  /var/lib/rancher/k3s/agent/etc/containerd/certs.d/docker.io/hosts.toml
# File generated by k3s. DO NOT EDIT.

server = "https://registry-1.docker.io/v2"
capabilities = ["pull", "resolve", "push"]



[host."https://registry.example.com/v2"]
  capabilities = ["pull", "resolve"]
  ca = ["/home/ubuntu/ca.pem"]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

No branches or pull requests

2 participants