diff --git a/pkg/rke2/registries.go b/pkg/rke2/registries.go
index 6b949742..fef023d0 100644
--- a/pkg/rke2/registries.go
+++ b/pkg/rke2/registries.go
@@ -29,6 +29,9 @@ const (
 DefaultRKE2RegistriesLocation string = "/etc/rancher/rke2/registries.yaml"
 registryCertsPath string = "/etc/rancher/rke2/tls"
+ cacert string = "ca.crt"
+ tlskey string = "tls.key"
+ tlscert string = "tls.crt"
 )
 // GenerateRegistries generates the registries.yaml file and the corresponding
@@ -69,24 +72,28 @@ func GenerateRegistries(rke2ConfigRegistry RegistryScope) (*Registry, []bootstra
 return &Registry{}, []bootstrapv1.File{}, err
 }
- for _, secretEntry := range []string{"tls.crt", "tls.key", "ca.crt"} {
- if tlsSecret.Data[secretEntry] == nil {
- rke2ConfigRegistry.Logger.Error(err, "TLS Secret for the registry is missing entries!", "secret-missing-entry", secretEntry)
-
- return &Registry{}, []bootstrapv1.File{}, err
+ registryConfig.TLS = &TLSConfig{}
+
+ for _, secretEntry := range []string{tlscert, tlskey, cacert} {
+ if tlsSecret.Data[secretEntry] != nil {
+ files = append(files, bootstrapv1.File{
+ Path: registryCertsPath + "/" + secretEntry,
+ Content: string(tlsSecret.Data[secretEntry]),
+ })
+
+ switch secretEntry {
+ case tlscert:
+ registryConfig.TLS.CertFile = registryCertsPath + "/" + tlscert
+ case tlskey:
+ registryConfig.TLS.KeyFile = registryCertsPath + "/" + tlskey
+ case cacert:
+ registryConfig.TLS.CAFile = registryCertsPath + "/" + cacert
+ }
 }
-
- files = append(files, bootstrapv1.File{
- Path: registryCertsPath + "/" + secretEntry,
- Content: string(tlsSecret.Data[secretEntry]),
- })
 }
- registryConfig.TLS = &TLSConfig{
- InsecureSkipVerify: regConfig.TLS.InsecureSkipVerify,
- CAFile: registryCertsPath + "/" + "ca.crt",
- CertFile: registryCertsPath + "/" + "tls.crt",
- KeyFile: registryCertsPath + "/" + "tls.key",
+ if regConfig.TLS.InsecureSkipVerify {
+ registryConfig.TLS.InsecureSkipVerify = regConfig.TLS.InsecureSkipVerify
 }
 }
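Review bot: The rewritten loop over `tlscert`, `tlskey`, `cacert` in the second hunk accepts any subset of secret entries without validation, so a secret holding `tls.crt` but not `tls.key` (or the reverse) yields a registry config with half a client key pair, and a secret with none of the expected keys yields an empty TLS block. Where the secret was referenced to trust a private CA, that presumably leaves the node on its default trust store for image pulls, and nothing is logged now that the old `Logger.Error` call is gone. After the loop I would return an error for the unpaired case, guarded by `if (registryConfig.TLS.CertFile == "") != (registryConfig.TLS.KeyFile == "")`, and log through `rke2ConfigRegistry.Logger` when the secret contributed no entries at all. The `bootstrapv1.File` that carries `tls.key` sets only `Path` and `Content`; if that type has a permissions field, it is worth setting a restrictive mode there rather than relying on the writer's default. GenerateRegistries starts and ends outside this hunk, so checks made elsewhere in the function are not visible here.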
diff --git a/pkg/rke2/registries_types.go b/pkg/rke2/registries_types.go
index 16a24227..f0e72707 100644
--- a/pkg/rke2/registries_types.go
+++ b/pkg/rke2/registries_types.go
@@ -54,10 +54,10 @@ type AuthConfig struct {
 // TLSConfig contains the CA/Cert/Key used for a registry.
 type TLSConfig struct {
- CAFile string `json:"ca_file" toml:"ca_file" yaml:"ca_file"`
- CertFile string `json:"cert_file" toml:"cert_file" yaml:"cert_file"`
- KeyFile string `json:"key_file" toml:"key_file" yaml:"key_file"`
- InsecureSkipVerify bool `json:"insecure_skip_verify" toml:"insecure_skip_verify" yaml:"insecure_skip_verify"`
+ CAFile string `json:"ca_file,omitempty" toml:"ca_file" yaml:"ca_file,omitempty"`
+ CertFile string `json:"cert_file,omitempty" toml:"cert_file" yaml:"cert_file,omitempty"`
+ KeyFile string `json:"key_file,omitempty" toml:"key_file" yaml:"key_file,omitempty"`
+ InsecureSkipVerify bool `json:"insecure_skip_verify,omitempty" toml:"insecure_skip_verify" yaml:"insecure_skip_verify,omitempty"`
 }
 // Registry is registry settings including mirrors, TLS, and credentials.
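Review bot: The `toml` tags on all four `TLSConfig` fields are left without `omitempty` while the `json` and `yaml` tags gain it, so any TOML rendering of this struct would still emit empty `ca_file`, `cert_file` and `key_file` strings. If TOML output is in use and its encoder honours the option, the tags should match, e.g. `toml:"ca_file,omitempty"`; if it is not, a brief comment saying the asymmetry is deliberate would stop it being read as an oversight. The doc comment could also record the new contract, e.g. `// TLSConfig contains the optional CA/Cert/Key used for a registry; unset fields are omitted when rendered.`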