fix: with_item to with_dict

Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
kubernetes-sigs · Jan 30, 2023 · 9f35ba2 · 9f35ba2
1 parent 8523f52
commit 9f35ba2
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 6 deletions.
diff --git a/docs/containerd.md b/docs/containerd.md
@@ -100,6 +100,15 @@ containerd_runc_runtime:
   ...
 ```
 
+Config insecure-registry access to self hosted registries.
+
+```yaml
+containerd_insecure_registries:
+  "test.registry.io": "http://test.registry.io"
+  "172.19.16.11:5000": "http://172.19.16.11:5000"
+  "repo:5000": "http://repo:5000"
+```
+
 [containerd]: https://containerd.io/
 [RuntimeClass]: https://kubernetes.io/docs/concepts/containers/runtime-class/
 [runtime classes in containerd]: https://github.com/containerd/containerd/blob/main/docs/cri/config.md#runtime-classes

diff --git a/roles/container-engine/containerd/tasks/main.yml b/roles/container-engine/containerd/tasks/main.yml
@@ -117,21 +117,20 @@
     state: directory
     mode: 0755
     recurse: true
-  with_items: "{{ containerd_insecure_registries }}"
+  with_dict: "{{ containerd_insecure_registries }}"
   when: containerd_insecure_registries is defined
 
 - name: containerd ｜ Write hosts.toml file
   blockinfile:
     path: "{{ containerd_cfg_dir }}/certs.d/{{ item.key }}/hosts.toml"
-    owner: "root"
     mode: 0640
     create: true
     block: |
       server = "{{ item.value }}"
       [host."{{ item.value }}"]
         capabilities = ["pull", "resolve", "push"]
         skip_verify = true
-  with_items: "{{ containerd_insecure_registries }}"
+  with_dict: "{{ containerd_insecure_registries }}"
   when: containerd_insecure_registries is defined
 
 # you can sometimes end up in a state where everything is installed

diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
@@ -358,9 +358,9 @@ containerd_use_systemd_cgroup: true
 ## example define mirror.registry.io or 172.19.16.11:5000
 ## Port number is also needed if the default HTTPS port is not used.
 # containerd_insecure_registries:
-#   - mirror.registry.io
-#   - 172.19.16.11:5000
-containerd_insecure_registries: []
+#   "mirror.registry.io":"http://mirror.registry.io"
+#   "172.19.16.11:5000":"http://172.19.16.11:5000"
+containerd_insecure_registries: {}
 
 # Containerd conf default dir
 containerd_storage_dir: "/var/lib/containerd"

diff --git a/tests/files/packet_ubuntu22-calico-aio.yml b/tests/files/packet_ubuntu22-calico-aio.yml
@@ -10,3 +10,8 @@ auto_renew_certificates: true
 # Currently ipvs not available on KVM: https://packages.ubuntu.com/search?suite=focal&arch=amd64&mode=exactfilename&searchon=contents&keywords=ip_vs_sh.ko
 kube_proxy_mode: iptables
 enable_nodelocaldns: False
+
+# Config Registry insecure
+containerd_insecure_registries:
+  "mirror.registry.io": "http://mirror.registry.io"
+  "172.19.16.11:5000": "http://172.19.16.11:5000"