feat(k3s): support k3s's private-registry configuration

rancher doc url https://rancher.com/docs/k3s/latest/en/installation/private-registry/
2024-11-05 13:23:30 +01:00 · 2021-05-07 17:56:45 +08:00 · 2021-05-07 17:56:45 +08:00 · c9e2b619d1
commit c9e2b619d1
parent 21fa8b048f
5 changed files with 39 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -76,6 +76,7 @@ consistency. These are generally cluster-level configuration.
 | `k3s_use_unsupported_config`     | Allow the use of unsupported configurations in k3s.                             | `false`                        |
 | `k3s_etcd_datastore`             | Enable etcd embedded datastore (read notes below).                              | `false`                        |
 | `k3s_debug`                      | Enable debug logging on the k3s service.                                        | `false`                        |
+| `k3s_registries`                 | Configuration containerd's registries config file.                              | `mirrors:\n configs:\n`        |

 ### K3S Service Configuration

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -97,3 +97,20 @@ k3s_become_for_usr_local_bin: null
 k3s_become_for_package_install: null
 k3s_become_for_kubectl: null
 k3s_become_for_uninstall: null
+
+
+k3s_registries:
+# rancher k3s doc https://rancher.com/docs/k3s/latest/en/installation/private-registry/
+  mirrors:
+#    docker.io:
+#      endpoint:
+#        - "https://mycustomreg.com:5000"
+  configs:
+#    "mycustomreg:5000":
+#      auth:
+#        username: xxxxxx # this is the registry username
+#        password: xxxxxx # this is the registry password
+#      tls:
+#        cert_file: # path to the cert file used in the registry
+#        key_file:  # path to the key file used in the registry
+#        ca_file:   # path to the ca file used in the registry
--- a/tasks/build/containerd/registries.yml
+++ b/tasks/build/containerd/registries.yml
@ -0,0 +1,11 @@
+---
+
+- name: Ensure containerd registries file exists
+  ansible.builtin.template:
+    src: registries.yaml.j2
+    dest: "{{ k3s_config_dir }}/registries.yaml"
+    mode: 0644
+  notify:
+    - reload systemd
+    - restart k3s
+  become: "{{ k3s_become_for_install_dir | ternary(true, false, k3s_become_for_all) }}"
--- a/tasks/state-installed.yml
+++ b/tasks/state-installed.yml
@ -29,6 +29,15 @@
    - ('docker' in k3s_runtime_config and k3s_runtime_config.docker)
    - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)

+
+- name: Ensure containerd installation tasks are run
+  block:
+    - include_tasks: build/containerd/registries.yml
+  when:
+    - k3s_registries is defined
+    - (k3s_runtime_config.docker is not defined or not k3s_runtime_config.docker)
+    - ('rootless' not in k3s_runtime_config or not k3s_runtime_config.rootless)
+
 - name: Flush Handlers
  meta: flush_handlers

--- a/templates/registries.yaml.j2
+++ b/templates/registries.yaml.j2
@ -0,0 +1 @@
+{{ k3s_registries | to_nice_yaml }}