Merge pull request #357 from alknopfler/fix-issue-with-registry
Fix issue with registries required fields
alexander-demicev authored Jul 10, 2024
2 parents ad8a159 + c4ba227 commit d7a687a
Showing 2 changed files with 26 additions and 19 deletions.
37 changes: 22 additions & 15 deletions pkg/rke2/registries.go
@@ -29,6 +29,9 @@ const (
DefaultRKE2RegistriesLocation string = "/etc/rancher/rke2/registries.yaml"

registryCertsPath string = "/etc/rancher/rke2/tls"
cacert string = "ca.crt"
tlskey string = "tls.key"
tlscert string = "tls.crt"
)

// GenerateRegistries generates the registries.yaml file and the corresponding
@@ -69,24 +72,28 @@ func GenerateRegistries(rke2ConfigRegistry RegistryScope) (*Registry, []bootstra
return &Registry{}, []bootstrapv1.File{}, err
}

for _, secretEntry := range []string{"tls.crt", "tls.key", "ca.crt"} {
if tlsSecret.Data[secretEntry] == nil {
rke2ConfigRegistry.Logger.Error(err, "TLS Secret for the registry is missing entries!", "secret-missing-entry", secretEntry)

return &Registry{}, []bootstrapv1.File{}, err
registryConfig.TLS = &TLSConfig{}

for _, secretEntry := range []string{tlscert, tlskey, cacert} {
if tlsSecret.Data[secretEntry] != nil {
files = append(files, bootstrapv1.File{
Path: registryCertsPath + "/" + secretEntry,
Content: string(tlsSecret.Data[secretEntry]),
})

switch secretEntry {
case tlscert:
registryConfig.TLS.CertFile = registryCertsPath + "/" + tlscert
case tlskey:
registryConfig.TLS.KeyFile = registryCertsPath + "/" + tlskey
case cacert:
registryConfig.TLS.CAFile = registryCertsPath + "/" + cacert
}
}

files = append(files, bootstrapv1.File{
Path: registryCertsPath + "/" + secretEntry,
Content: string(tlsSecret.Data[secretEntry]),
})
}

registryConfig.TLS = &TLSConfig{
InsecureSkipVerify: regConfig.TLS.InsecureSkipVerify,
CAFile: registryCertsPath + "/" + "ca.crt",
CertFile: registryCertsPath + "/" + "tls.crt",
KeyFile: registryCertsPath + "/" + "tls.key",
if regConfig.TLS.InsecureSkipVerify {
registryConfig.TLS.InsecureSkipVerify = regConfig.TLS.InsecureSkipVerify
}
}

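Review bot: In the second hunk of `GenerateRegistries`, the loop now accepts any subset of `tls.crt`, `tls.key` and `ca.crt`, so a secret carrying a client certificate without its key (or the reverse) yields a `TLSConfig` with only one of `CertFile`/`KeyFile` set, with no error and no log line. A half-configured client pair is almost always a mistake in the secret, and a misspelled `ca.crt` key now silently drops the CA instead of failing, which presumably leaves verification to the node's default trust store. After the loop I would reject the mismatch with `if (registryConfig.TLS.CertFile == "") != (registryConfig.TLS.KeyFile == "") {` returning an error as the earlier branches do, and log which entries were absent. The presence test `tlsSecret.Data[secretEntry] != nil` also lets an empty value through and writes an empty file; `len(tlsSecret.Data[secretEntry]) > 0` would be stricter. The function body starts and ends outside the hunk.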
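--- a/pkg/rke2/registries_types.go
+++ b/pkg/rke2/registries_types.go
@@ -54,10 +54,10 @@ type AuthConfig struct {
 
 // TLSConfig contains the CA/Cert/Key used for a registry.
 type TLSConfig struct {
-CAFile string `json:"ca_file" toml:"ca_file" yaml:"ca_file"`
-CertFile string `json:"cert_file" toml:"cert_file" yaml:"cert_file"`
-KeyFile string `json:"key_file" toml:"key_file" yaml:"key_file"`
-InsecureSkipVerify bool `json:"insecure_skip_verify" toml:"insecure_skip_verify" yaml:"insecure_skip_verify"`
+CAFile string `json:"ca_file,omitempty" toml:"ca_file" yaml:"ca_file,omitempty"`
+CertFile string `json:"cert_file,omitempty" toml:"cert_file" yaml:"cert_file,omitempty"`
+KeyFile string `json:"key_file,omitempty" toml:"key_file" yaml:"key_file,omitempty"`
+InsecureSkipVerify bool `json:"insecure_skip_verify,omitempty" toml:"insecure_skip_verify" yaml:"insecure_skip_verify,omitempty"`
 }
 
 // Registry is registry settings including mirrors, TLS, and credentials.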
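Review bot: The `toml` tags in `TLSConfig` were left without `omitempty` while the `json` and `yaml` tags gained it, so the three encodings now disagree on whether an unset field is emitted; if the TOML form is ever rendered, empty `ca_file`/`cert_file`/`key_file` strings would still appear. Either add it there as well, e.g. `toml:"ca_file,omitempty"`, or note why TOML is exempt. The doc comment could also say the fields are now optional, for example `// TLSConfig contains the optional CA/Cert/Key used for a registry; unset fields are omitted from the rendered config.` Because `insecure_skip_verify` is now omitted when false, a rendered file no longer states that verification is on, which is worth a line in that comment for anyone auditing node configs.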
