Add support for using a host registry dir in cri#4978
Add support for using a host registry dir in cri#4978dmcgowan merged 2 commits intocontainerd:masterfrom
Conversation
|
Build succeeded.
|
There was a problem hiding this comment.
I think this should be defined as []string to allow specifying multiple directories.
The actual implementation for multi-dir can be another PR.
There was a problem hiding this comment.
agreed! hosts_dir = ["/etc/docker/certs.d", "/etc/containerd/cri/hosts"] would be great for people migrating from docker to containerd.
There was a problem hiding this comment.
sounds good to have more than one.. but may be confusing with multiple disparate config locations.. which has precedence.. do we error on overwrite. Just have to consider that complexity.
There was a problem hiding this comment.
I would argue against this for the sake of saving complexity and rather err on the admin to configure the system rather than trying to make containerd handle all possibilities.
There was a problem hiding this comment.
Maybe its not that bad if we add a helper function like func(registryHosts ...RegistryHosts) RegistryHosts.
Precedence is first match based on order of the []string
There was a problem hiding this comment.
on the prior continue when not a dir ... :-O... thx for the fix.
On the continue when it is a dir .. does docker support the use of subdirectories should we walk here?
There was a problem hiding this comment.
does docker support the use of subdirectories should we walk here?
No (or at least if it does its not intentional 😅).
There was a problem hiding this comment.
Thanks for finding this and adding tests :)
There was a problem hiding this comment.
sounds good to have more than one.. but may be confusing with multiple disparate config locations.. which has precedence.. do we error on overwrite. Just have to consider that complexity.
There was a problem hiding this comment.
if we are going to override all of this registry section.. we should consider doing it at the containerd config level and deprecate the cri registry config
There was a problem hiding this comment.
What's the "right" way to do this deprecation?
TBH I tried to make both work but its pretty tricky and I thought likely not worth the effort.
|
Looks like I let this one slip through the cracks as well, there were a few items in my version of this which I think would be needed here as well to have a smoother transition (containerd/cri#1533) |
|
Pulled in @dmcgowan's changes from containerd/cri#1533 |
|
Build succeeded.
|
There was a problem hiding this comment.
Thanks for finding this and adding tests :)
|
Build succeeded.
|
There was a problem hiding this comment.
Can we change the path to /etc/containerd/certs.d ?
Non-CRI apps such as nerdctl will want to use the same path
There was a problem hiding this comment.
Also, that should be in the default config
There was a problem hiding this comment.
I think the reason we aren't making it default is because it causes us to ignore other configs.
There was a problem hiding this comment.
Updated the comment to use /etc/containerd/certs.d
|
Can we have a first commit as a separate PR, so that we can merge it now and cherry-pick into 1.4? |
|
ping @cpuguy83 I'd like to see this included in v1.5 🙏 |
|
Opened #5186 with just the fixes, as requested. |
|
This should have all requested changes in, except for @AkihiroSuda's request to turn it on by default for cri since this ends up overwriting other configs. |
|
Build succeeded.
|
The certs dir parsing was skipping over files instead of reading them, as such the certs would never load. It was also stating the file name rather than the full path for cert pairs. Signed-off-by: Brian Goff <[email protected]>
This will be used instead of the cri registry config in the main config toml. --- Also pulls in changes from containerd/cri@d0b4eec Signed-off-by: Brian Goff <[email protected]>
|
Build succeeded.
|
|
Is this supported in v1.4.4? |
|
No, this is in v1.5 |
6 participants
Exposes the hosts dir config to CRI.
This will be used instead of the cri registry config in the main config toml.
Also fixes some bugs with the docker style cert file handling.
Closes #3071
Closes #4904