From 21fa8b048f10c73b1be9da6d94e12398967fbedf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E5=AE=89=E5=AE=B6?= <anjia0532@gmail.com>
Date: Fri, 7 May 2021 17:55:22 +0800
Subject: [PATCH 1/4] build(gitignore): modify .gitignore

added .idea dir to .gitignore file
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.gitignore b/.gitignore
index 903a36e..8ccd6a5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ __pycache__
 ansible.cfg
 pyratlabs-issue-dump.txt
 .cache
+/.idea/

From c9e2b619d18a40250fb421043eb6e56091b75249 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E5=AE=89=E5=AE=B6?= <anjia0532@gmail.com>
Date: Fri, 7 May 2021 17:56:45 +0800
Subject: [PATCH 2/4] feat(k3s): support k3s's private-registry configuration

rancher doc url https://rancher.com/docs/k3s/latest/en/installation/private-registry/
---
 README.md                             |  1 +
 defaults/main.yml                     | 17 +++++++++++++++++
 tasks/build/containerd/registries.yml | 11 +++++++++++
 tasks/state-installed.yml             |  9 +++++++++
 templates/registries.yaml.j2          |  1 +
 5 files changed, 39 insertions(+)
 create mode 100644 tasks/build/containerd/registries.yml
 create mode 100644 templates/registries.yaml.j2

diff --git a/README.md b/README.md
index 016189c..6751777 100644
--- a/README.md
+++ b/README.md
@@ -76,6 +76,7 @@ consistency. These are generally cluster-level configuration.
 | `k3s_use_unsupported_config`     | Allow the use of unsupported configurations in k3s.                             | `false`                        |
 | `k3s_etcd_datastore`             | Enable etcd embedded datastore (read notes below).                              | `false`                        |
 | `k3s_debug`                      | Enable debug logging on the k3s service.                                        | `false`                        |
+| `k3s_registries`                 | Configuration containerd's registries config file.                              | `mirrors:\n configs:\n`        |
 
 ### K3S Service Configuration
 
diff --git a/defaults/main.yml b/defaults/main.yml
index b599ee8..eec4acf 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -97,3 +97,20 @@ k3s_become_for_usr_local_bin: null
 k3s_become_for_package_install: null
 k3s_become_for_kubectl: null
 k3s_become_for_uninstall: null
+
+
+k3s_registries:
+# rancher k3s doc https://rancher.com/docs/k3s/latest/en/installation/private-registry/
+  mirrors:
+#    docker.io:
+#      endpoint:
+#        - "https://mycustomreg.com:5000"
+  configs:
+#    "mycustomreg:5000":
+#      auth:
+#        username: xxxxxx # this is the registry username
+#        password: xxxxxx # this is the registry password
+#      tls:
+#        cert_file: # path to the cert file used in the registry
+#        key_file:  # path to the key file used in the registry
+#        ca_file:   # path to the ca file used in the registry
\ No newline at end of file
diff --git a/tasks/build/containerd/registries.yml b/tasks/build/containerd/registries.yml
new file mode 100644
index 0000000..c914a70
--- /dev/null
+++ b/tasks/build/containerd/registries.yml
@@ -0,0 +1,11 @@
+---
+
+- name: Ensure containerd registries file exists
+  ansible.builtin.template:
+    src: registries.yaml.j2
+    dest: "{{ k3s_config_dir }}/registries.yaml"
+    mode: 0644
+  notify:
+    - reload systemd
+    - restart k3s
+  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
\ No newline at end of file
diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml
index a693927..0538715 100644
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@@ -29,6 +29,15 @@
     - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
     - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
 
+
+- name: Ensure containerd installation tasks are run
+  block:
+    - include_tasks: build/containerd/registries.yml
+  when:
+    - k3s_registries is defined
+    - (k3s_runtime_config.docker is not defined or not k3s_runtime_config.docker)
+    - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
+
 - name: Flush Handlers
   meta: flush_handlers
 
diff --git a/templates/registries.yaml.j2 b/templates/registries.yaml.j2
new file mode 100644
index 0000000..b53fadd
--- /dev/null
+++ b/templates/registries.yaml.j2
@@ -0,0 +1 @@
+{{ k3s_registries | to_nice_yaml }}
\ No newline at end of file

From 075ef165c5dbc0b88d054229d4bc764e06fc6c7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E5=AE=89=E5=AE=B6?= <anjia0532@gmail.com>
Date: Fri, 7 May 2021 18:29:01 +0800
Subject: [PATCH 3/4] fix(k3s): fix k3s's private-registry configuration not
 exist

fix k3s's private-registry configuration not exist
---
 tasks/state-installed.yml | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/tasks/state-installed.yml b/tasks/state-installed.yml
index 0538715..81595f5 100644
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@@ -29,15 +29,6 @@
     - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
     - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
 
-
-- name: Ensure containerd installation tasks are run
-  block:
-    - include_tasks: build/containerd/registries.yml
-  when:
-    - k3s_registries is defined
-    - (k3s_runtime_config.docker is not defined or not k3s_runtime_config.docker)
-    - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
-
 - name: Flush Handlers
   meta: flush_handlers
 
@@ -50,6 +41,14 @@
 
 - import_tasks: build/install-k3s.yml
 
+- name: Ensure containerd installation tasks are run
+  block:
+    - include_tasks: build/containerd/registries.yml
+  when:
+    - k3s_registries is defined
+    - (k3s_runtime_config.docker is not defined or not k3s_runtime_config.docker)
+    - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
+
 - include_tasks: validate/configuration/cluster-init.yml
   when:
     - k3s_control_delegate is defined

From d563dcca054e6311f171bf5ddef85c061681b95f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=B5=B5=E5=AE=89=E5=AE=B6?= <anjia0532@gmail.com>
Date: Sat, 8 May 2021 18:39:19 +0800
Subject: [PATCH 4/4] style(k3s): change code style

change code style
---
 README.md                             |  2 +-
 defaults/main.yml                     | 20 +++++++++++++-------
 tasks/build/containerd/registries.yml |  4 ++--
 templates/registries.yaml.j2          |  1 +
 4 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 6751777..ae15f10 100644
--- a/README.md
+++ b/README.md
@@ -76,7 +76,7 @@ consistency. These are generally cluster-level configuration.
 | `k3s_use_unsupported_config`     | Allow the use of unsupported configurations in k3s.                             | `false`                        |
 | `k3s_etcd_datastore`             | Enable etcd embedded datastore (read notes below).                              | `false`                        |
 | `k3s_debug`                      | Enable debug logging on the k3s service.                                        | `false`                        |
-| `k3s_registries`                 | Configuration containerd's registries config file.                              | `mirrors:\n configs:\n`        |
+| `k3s_registries`                 | Registries configuration file content.                                          | `{ mirrors: {}, configs:{} }`  |
 
 ### K3S Service Configuration
 
diff --git a/defaults/main.yml b/defaults/main.yml
index eec4acf..2219833 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -98,9 +98,10 @@ k3s_become_for_package_install: null
 k3s_become_for_kubectl: null
 k3s_become_for_uninstall: null
 
-
+# Private registry configuration.
+# Rancher k3s documentation: https://rancher.com/docs/k3s/latest/en/installation/private-registry/
 k3s_registries:
-# rancher k3s doc https://rancher.com/docs/k3s/latest/en/installation/private-registry/
+
   mirrors:
 #    docker.io:
 #      endpoint:
@@ -108,9 +109,14 @@ k3s_registries:
   configs:
 #    "mycustomreg:5000":
 #      auth:
-#        username: xxxxxx # this is the registry username
-#        password: xxxxxx # this is the registry password
+#        # this is the registry username
+#        username: xxxxxx
+#        # this is the registry password
+#        password: xxxxxx
 #      tls:
-#        cert_file: # path to the cert file used in the registry
-#        key_file:  # path to the key file used in the registry
-#        ca_file:   # path to the ca file used in the registry
\ No newline at end of file
+#        # path to the cert file used in the registry
+#        cert_file:
+#        # path to the key file used in the registry
+#        key_file:
+#        # path to the ca file used in the registry
+#        ca_file:
\ No newline at end of file
diff --git a/tasks/build/containerd/registries.yml b/tasks/build/containerd/registries.yml
index c914a70..55ba034 100644
--- a/tasks/build/containerd/registries.yml
+++ b/tasks/build/containerd/registries.yml
@@ -4,8 +4,8 @@
   ansible.builtin.template:
     src: registries.yaml.j2
     dest: "{{ k3s_config_dir }}/registries.yaml"
-    mode: 0644
+    mode: 0600
   notify:
     - reload systemd
     - restart k3s
-  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
\ No newline at end of file
+  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
diff --git a/templates/registries.yaml.j2 b/templates/registries.yaml.j2
index b53fadd..4adbf13 100644
--- a/templates/registries.yaml.j2
+++ b/templates/registries.yaml.j2
@@ -1 +1,2 @@
+---
 {{ k3s_registries | to_nice_yaml }}
\ No newline at end of file