Containerd Subordinate Charm

containerd charm configure to support for unsecure private registry (http)

Bug #1872949 reported by Zhanglei Mao
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Containerd Subordinate Charm
Fix Released
Medium
Unassigned

Bug Description

The private registry shared by http ( not https) can not be used or correctly configure via
juju config custom_registries configure option

To reproduce it as:
juju config custom_registries a http private registry
and create a pod with it, it would still try to download with https and failed.

George Kraft (cynerva)
Changed in charm-containerd:
status: New → Confirmed
Revision history for this message
Tim Van Steenburgh (tvansteenburgh) wrote :

Unfortunately this behavior is caused by a bug in containerd, see https://github.com/containerd/cri/issues/1433.

George Kraft (cynerva)
Changed in charm-containerd:
importance: Undecided → High
status: Confirmed → Triaged
George Kraft (cynerva)
Changed in charm-containerd:
importance: High → Medium
Revision history for this message
Joe Guo (guoqiao) wrote :

Hi Tim,

As I can see containerd bug #1443 is now fixed.
However, I think there is also a bug in charm template[1]:

```
    [plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        [plugins.cri.registry.mirrors."docker.io"]
          endpoint = ["https://registry-1.docker.io"]
    {% if custom_registries %}
      [plugins.cri.registry.auths]
      {% for registry in custom_registries %}
        {% if registry.username and registry.password %}
        [plugins.cri.registry.auths."{{ registry.url }}"]
          username = "{{ registry.username }}"
          password = "{{ registry.password }}"
        {% endif %}
      {% endfor %}
      [plugins.cri.registry.configs]
      {% for registry in custom_registries %}
        {% if registry.ca or registry.cert or registry.key or registry.insecure_skip_verify %}
        [plugins.cri.registry.configs."{{ registry.url }}".tls]
          ca_file = "{{ registry.ca if registry.ca else '' }}"
          cert_file = "{{ registry.cert if registry.cert else '' }}"
          key_file = "{{ registry.key if registry.key else '' }}"
          insecure_skip_verify = {{ "true" if registry.insecure_skip_verify else "false" }}
        {% endif %}
      {% endfor %}
    {%
```

According to doc[2], we expect config like this for new registry:

    [plugins.cri.registry]
      [plugins.cri.registry.mirrors]
        ...
        [plugins.cri.registry.mirrors."34.235.169.214:5000"]
          endpoint = ["http://34.235.169.214:5000"]
        ...

However, that is not rendered by template at all.

[0]: https://jaas.ai/u/containers/containerd#charm-config-custom_registries
[1]: https://github.com/charmed-kubernetes/charm-containerd/blob/a35726e8f908ba8fef5fc9000c0e5ee850ac9ae0/templates/config.toml#L63
[2]: https://github.com/containerd/cri/blob/master/docs/registry.md#configure-registry-endpoint

Revision history for this message
Adam Dyess (addyess) wrote :

This should be resolved as of
https://github.com/charmed-kubernetes/charm-containerd/pull/43

Changed in charm-containerd:
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.