Registry TLS configuration from registries.yaml is only honored for mirror endpoints #5658
Hi,

As a temporary solution, download rke2 exec version 1.27.11+rke2r1 from releases and override

Upstream issue containerd/containerd#10027

This is being tracked in k3s, as that is where the code in question lives: k3s-io/k3s#9839. This will be resolved when we pull through K3s updates for our next release cycle. If possible, I would suggest using the workaround at k3s-io/k3s#9839 (comment). However this will only work if your registry namespace does not already include a port:

Using

SURE-8103

@brandond Can we have this in a

No, we are not planning on doing an r2 for this. Upstream patches will be out next week, and there are two possible workarounds available on the current release.
I encountered the problem where Skip TLS Verification doesn't work properly when provisioning RKE2 and K3s clusters with Rancher v2.8.3. The workaround above worked for me. For anyone who uses Rancher to provision an RKE2 or K3s cluster and needs to configure Skip TLS or pass the CA cert, follow the steps below:
Validated on master branch with version v1.29.4-rc1+rke2r1
Environment Details
Infrastructure
Node(s) CPU architecture, OS, and Version:
Cluster Configuration:
or
Config.yaml:
registries.yaml:
test-image.yaml:
Testing Steps
Replication Results:
Pod Events:
Validation Results:
Pod Events:
Check hosts.toml file contents for host section:
Environmental Info:
RKE2 Version:
v1.27.12+rke2r1
Node(s) CPU architecture, OS, and Version:
x86,CentOS7
Cluster Configuration:
any configuration can reproduce
Describe the bug:
Configure a containerd registry with the following configuration in `/etc/rancher/rke2/registries.yaml`

which generates the containerd configuration in `/var/lib/rancher/rke2/agent/etc/containerd/certs.d/192.168.2.74:31443/hosts.toml`

and `skip_verify` does not work.

It seems rke2 1.27.12+rke2r1 generates `hosts.toml` in the wrong format; 1.27.10+rke2r1 generates the following `hosts.toml` and works fine.

Also, changing `hosts.toml` to the format above lets `skip_verify` work, but restarting rke2-server/rke2-agent will overwrite it with the wrong one.

Steps To Reproduce:
/etc/rancher/rke2/registries.yaml
/var/lib/rancher/rke2/agent/etc/containerd/certs.d/192.168.2.74:31443/hosts.toml