Merge pull request #114 from anjia0532/k3s_private_registry

Support k3s private registry configuration
PyratLabs · May 13, 2021 · 2b7fd37 · 2b7fd37
2 parents a298ea0 + d563dcc
commit 2b7fd37
Show file tree

Hide file tree

Showing 6 changed files with 46 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -10,3 +10,4 @@ __pycache__
 ansible.cfg
 pyratlabs-issue-dump.txt
 .cache
+/.idea/
diff --git a/README.md b/README.md
@@ -76,6 +76,7 @@ consistency. These are generally cluster-level configuration.
 | `k3s_use_unsupported_config`     | Allow the use of unsupported configurations in k3s.                             | `false`                        |
 | `k3s_etcd_datastore`             | Enable etcd embedded datastore (read notes below).                              | `false`                        |
 | `k3s_debug`                      | Enable debug logging on the k3s service.                                        | `false`                        |
+| `k3s_registries`                 | Registries configuration file content.                                          | `{ mirrors: {}, configs:{} }`  |
 
 ### K3S Service Configuration
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -97,3 +97,26 @@ k3s_become_for_usr_local_bin: null
 k3s_become_for_package_install: null
 k3s_become_for_kubectl: null
 k3s_become_for_uninstall: null
+
+# Private registry configuration.
+# Rancher k3s documentation: https://rancher.com/docs/k3s/latest/en/installation/private-registry/
+k3s_registries:
+
+  mirrors:
+#    docker.io:
+#      endpoint:
+#        - "https://mycustomreg.com:5000"
+  configs:
+#    "mycustomreg:5000":
+#      auth:
+#        # this is the registry username
+#        username: xxxxxx
+#        # this is the registry password
+#        password: xxxxxx
+#      tls:
+#        # path to the cert file used in the registry
+#        cert_file:
+#        # path to the key file used in the registry
+#        key_file:
+#        # path to the ca file used in the registry
+#        ca_file:
diff --git a/tasks/build/containerd/registries.yml b/tasks/build/containerd/registries.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Ensure containerd registries file exists
+  ansible.builtin.template:
+    src: registries.yaml.j2
+    dest: "{{ k3s_config_dir }}/registries.yaml"
+    mode: 0600
+  notify:
+    - reload systemd
+    - restart k3s
+  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml
@@ -41,6 +41,14 @@
 
 - import_tasks: build/install-k3s.yml
 
+- name: Ensure containerd installation tasks are run
+  block:
+    - include_tasks: build/containerd/registries.yml
+  when:
+    - k3s_registries is defined
+    - (k3s_runtime_config.docker is not defined or not k3s_runtime_config.docker)
+    - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
+
 - include_tasks: validate/configuration/cluster-init.yml
   when:
     - k3s_control_delegate is defined

diff --git a/templates/registries.yaml.j2 b/templates/registries.yaml.j2
@@ -0,0 +1,2 @@
+---
+{{ k3s_registries | to_nice_yaml }}
-Original file line number
+Diff line change
@@ Expand Up / @@ -10,3 +10,4 @@ __pycache__ @@
     ansible.cfg
     pyratlabs-issue-dump.txt
     .cache
+    /.idea/