verify cert data can be specified per-registry in custom_registries config
Bug #1879347 reported by Adam Dyess
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Containerd Subordinate Charm | Fix Released | High | Kevin W Monroe | | |
Bug Description
WRT to LP:1831153
This other LP was a suggestion to allow configuration of private cert data through base64 encoded file passed as a single config option.
The containerd charm allows `custom_registries` to be provided as a list of json, but the cert data isn't represented in the json model.
Conversely, different 'custom registries' will have different cert data.
Could you extend the json model of custom_registries to allow providing base64 file data?
Changed in charm-containerd: | |
importance: | Undecided → Medium |
status: | New → Triaged |
tags: | added: review-needed |
Changed in charm-containerd: | |
importance: | Medium → High |
Changed in charm-containerd: | |
milestone: | none → 1.18+ck1 |
Changed in charm-containerd: | |
status: | Fix Committed → Fix Released |
working with @kwmonroe yesterday
we downloaded crictl to tmp and were able to use it to pull images once we got the config correct:
```
# list images
/tmp/crictl -r unix:///run/containerd/containerd.sock images
# delete images
/tmp/crictl -r unix:///run/containerd/containerd.sock delete my.custom.registry/busybox:latest
# pull images
/tmp/crictl -r unix:///run/containerd/containerd.sock pull my.custom.registry/busybox:latest
```
With these tools we were able to determine the appropriate config necessary for a custom_registry that was using a self-signed cert
I can use the charm's current config
```
juju config containerd \
  custom_registries='[{"url": "my.custom.registry", "username": "*****", "password": "********"}]'
```
to create MOST of the config, but what I can't specify is the ca_file
I am proposing a new config option like this
```
juju config containerd \
  custom_registries='[{"url": "my.custom.registry", "username": "*****", "password": "********", "ca_file": "'$(base64 < my.custom.registry.pem)'"}]'
```
so that the charm does this:
```
[plugins.cri.registry.configs]
[plugins.cri.registry.configs."my.custom.registry".tls]
ca_file = "/etc/containerd/my.custom.registry.pem"
```
creates a file on the filesystem /etc/containerd/my.custom.registry.pem
with the value of the base64.b64_decode(ca_file_config)
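
One way a charm hook could implement the behaviour proposed above, as an added example that is not the containerd charm's own code or part of the original comment. The function name `render_registry_tls`, the `cert_dir` parameter and the host-name check are assumptions, and the sample certificate in the demo is constructed.

```python
import base64
import binascii
import json
import re
import tempfile
from pathlib import Path

# Assumption: a registry "url" reduces to host[:port]; anything else is refused
# because the host is reused as a file name.
HOST_RE = re.compile(r"[A-Za-z0-9.-]+(:\d+)?")


def render_registry_tls(custom_registries: str, cert_dir: Path) -> str:
    """Write each decoded ca_file under cert_dir; return the TOML tls sections."""
    lines = ["[plugins.cri.registry.configs]"]
    for reg in json.loads(custom_registries):
        if "ca_file" not in reg:
            continue  # registry without custom CA data
        host = reg["url"].split("://", 1)[-1]
        if not HOST_RE.fullmatch(host):
            raise ValueError(f"unsafe registry host: {host!r}")
        try:
            # validate=True rejects stray characters instead of skipping them
            pem = base64.b64decode(reg["ca_file"], validate=True)
        except binascii.Error as exc:
            raise ValueError(f"ca_file for {host} is not valid base64") from exc
        if b"-----BEGIN CERTIFICATE-----" not in pem:
            raise ValueError(f"ca_file for {host} is not a PEM certificate")
        path = cert_dir / f"{host}.pem"
        path.write_bytes(pem)
        path.chmod(0o644)  # CA certificates are public; no key material here
        lines.append(f'[plugins.cri.registry.configs."{host}".tls]')
        lines.append(f'ca_file = "{path}"')
    return "\n".join(lines)


if __name__ == "__main__":
    # Constructed sample: placeholder PEM body, not a real certificate.
    pem = b"-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"
    config = json.dumps([{"url": "my.custom.registry", "username": "u",
                          "password": "p",
                          "ca_file": base64.b64encode(pem).decode()}])
    with tempfile.TemporaryDirectory() as tmp:  # stands in for /etc/containerd
        print(render_registry_tls(config, Path(tmp)))
```

GNU `base64` wraps its output at 76 columns by default, and the strict decode above rejects embedded newlines, so the value should be encoded with wrapping disabled (`base64 -w0` on GNU coreutils).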