From d0c4251e06b06b088613ea8eeeb072e8ec9f3754 Mon Sep 17 00:00:00 2001
From: Danny Bessems
Date: Mon, 3 Apr 2023 21:37:09 +0200
Subject: [PATCH] Configure registry mirrors on workload-cluster nodes;Test ansible collection paths #2

---
 .drone.yml | 2 +-
 .../workloadcluster/tasks/clusterapi.yml | 4 +++
 .../kustomization.cluster-template.j2 | 36 +++++++++++++++++++
 packer/build.pkr.hcl | 1 +
 4 files changed, 42 insertions(+), 1 deletion(-)

diff --git a/.drone.yml b/.drone.yml
index 7d68124..f5c154c 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -41,7 +41,7 @@ steps:
 - |
 ansible-galaxy collection install \
 -r ansible/requirements.yml \
- -p ./ansible
+ -p ./ansible/collections
 volumes:
 - name: scratch
 path: /scratch
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
index 68f92cb..6d0dbff 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/workloadcluster/tasks/clusterapi.yml
@@ -82,6 +82,10 @@
 rootca: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
 runcmds:
 - update-ca-certificates
+ registries:
+ # This should obviously be a dynamic list, but testing first!
+ - docker.io
+ - gcr.io
 
 - name: Store custom cluster-template
 ansible.builtin.copy:
diff --git a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2 b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
index 03b8206..e116fd7 100644
--- a/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2
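Review bot: The new `registries` list in the clusterapi.yml hunk is two hard-coded public hostnames, and the comment only says it is temporary; the kustomization template in this same patch interpolates each entry verbatim into a TOML string (`server = "https://{{ registry }}"`), a TOML table name and a filesystem path (`/etc/containerd/certs.d/{{ registry }}/hosts.toml`), so once the list becomes dynamic an entry carrying a scheme, path component, quote or whitespace silently yields a wrong path or an unparsable hosts.toml. Before the template is rendered, guard the list with an `ansible.builtin.assert` that every entry is a bare registry hostname, and make the comment actionable, e.g. `# TODO: derive from the registries the mirror is configured for; bare hostnames only (no scheme, path or quotes)`. The enclosing task starts before this hunk.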
@@ -47,6 +47,21 @@ patchesStrategicMerge:
 template:
 spec:
 files:
+ - content: |
+ [plugins."io.containerd.grpc.v1.cri".registry]
+ config_path = "/etc/containerd/certs.d"
+ append: true
+ path: /etc/containerd/config.toml
+{% for registry in _template.registries %}
+ - content: |
+ server = "https://{{ registry }}"
+
+ [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
+ capabilities = ["pull", "resolve"]
+ override_path = true
+ owner: root:root
+ path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
+{% endfor %}
 - content: |
 network: {config: disabled}
 owner: root:root
@@ -103,6 +118,27 @@ patchesJson6902:
 kind: KubeadmControlPlane
 name: .*
 patch: |-
+ - op: add
+ path: /spec/kubeadmConfigSpec/files/-
+ value:
+ content: |
+ [plugins."io.containerd.grpc.v1.cri".registry]
+ config_path = "/etc/containerd/certs.d"
+ append: true
+ path: /etc/containerd/config.toml
+{% for registry in _template.registries %}
+ - op: add
+ path: /spec/kubeadmConfigSpec/files/-
+ value:
+ content: |
+ server = "https://{{ registry }}"
+
+ [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
+ capabilities = ["pull", "resolve"]
+ override_path = true
+ owner: root:root
+ path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
+{% endfor %}
 - op: add
 path: /spec/kubeadmConfigSpec/files/-
 value:
diff --git a/packer/build.pkr.hcl b/packer/build.pkr.hcl
index 1518eee..2c2e4ce 100644
--- a/packer/build.pkr.hcl
+++ b/packer/build.pkr.hcl
@@ -34,6 +34,7 @@ build {
 "PYTHONUNBUFFERED=1"
 ]
 use_proxy = "false"
+ collections_path = "ansible/collections"
 extra_arguments = [
 "--extra-vars",
 "appliancetype=${source.name}",
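Review bot: The first added file in the `@@ -47,6 +47,21 @@` hunk appends a second `[plugins."io.containerd.grpc.v1.cri".registry]` header to `/etc/containerd/config.toml` via `append: true`; if the image's config.toml already declares that table (the output of `containerd config default` does, with an empty `config_path` and `mirrors`/`configs` sub-tables), a duplicated table header is invalid TOML and containerd may refuse to load its config, so this should be verified against the packer-built image and, if the table exists, the existing `config_path` line replaced instead of appended to. Separately, `server = "https://{{ registry }}"` makes the public registry a silent fallback whenever the mirror at `registry.{{ _template.network.fqdn }}` is unreachable, and for `docker.io` that URL is not the registry API endpoint (containerd's own examples use `https://registry-1.docker.io`); if the intent is to force every pull through the mirror for supply-chain control, drop the `server` line, otherwise fix the host per registry. The same block is duplicated verbatim in the `@@ -103,6 +118,27 @@` hunk for KubeadmControlPlane, so any change must be made in both places; a Jinja `{% set %}` block or macro would keep the two copies identical. The enclosing `patchesStrategicMerge` entry starts before this hunk.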