add components.containerd #324

Open: wants to merge 5 commits into base: main
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -9,6 +9,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Added

- Add `components.containerd` to the schema and values.

## [0.68.0] - 2024-12-11

### Changed
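Review bot: the entry under `### Added` names `components.containerd`, but the schema and values in this PR add the object under `global`, so the path a user actually sets is `global.components.containerd`; suggest writing the full path. It would also help to mention that `managementClusterRegistryCache.enabled` defaults to `true`, since that is the one new setting in this PR that is on without the user configuring anything.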
26 changes: 26 additions & 0 deletions helm/cluster-vsphere/README.md
Expand Up @@ -14,6 +14,32 @@ Properties within the `.internal` top-level object
| `internal.kubectlImage.registry` | **Registry**|**Type:** `string`<br/>**Default:** `"gsoci.azurecr.io"`|
| `internal.kubectlImage.tag` | **Tag**|**Type:** `string`<br/>**Default:** `"1.29.9"`|

### Components
Properties within the `.global.components` object
Advanced configuration of components that are running on all nodes.

| **Property** | **Description** | **More Details** |
| :----------- | :-------------- | :--------------- |
| `global.components.containerd` | **Containerd** - Configuration of containerd.|**Type:** `object`<br/>|
| `global.components.containerd.containerRegistries` | **Container registries** - Endpoints and credentials configuration for container registries.|**Type:** `object`<br/>**Default:** `{}`|
| `global.components.containerd.containerRegistries.*` | **Registries** - Container registries and mirrors|**Type:** `array`<br/>|
| `global.components.containerd.containerRegistries.*[*]` | **Registry**|**Type:** `object`<br/>|
| `global.components.containerd.containerRegistries.*[*].credentials` | **Credentials**|**Type:** `object`<br/>|
| `global.components.containerd.containerRegistries.*[*].credentials.auth` | **Auth** - Base64-encoded string from the concatenation of the username, a colon, and the password.|**Type:** `string`<br/>|
| `global.components.containerd.containerRegistries.*[*].credentials.identitytoken` | **Identity token** - Used to authenticate the user and obtain an access token for the registry.|**Type:** `string`<br/>|
| `global.components.containerd.containerRegistries.*[*].credentials.password` | **Password** - Used to authenticate for the registry with username/password.|**Type:** `string`<br/>|
| `global.components.containerd.containerRegistries.*[*].credentials.username` | **Username** - Used to authenticate for the registry with username/password.|**Type:** `string`<br/>|
| `global.components.containerd.containerRegistries.*[*].endpoint` | **Endpoint** - Endpoint for the container registry.|**Type:** `string`<br/>|
| `global.components.containerd.localRegistryCache` | **Local registry caches configuration** - Enable local cache via http://127.0.0.1:<PORT>.|**Type:** `object`<br/>|
| `global.components.containerd.localRegistryCache.enabled` | **Enable local registry caches** - Flag to enable local registry cache.|**Type:** `boolean`<br/>**Default:** `false`|
| `global.components.containerd.localRegistryCache.mirroredRegistries` | **Registries to cache locally** - A list of registries that should be cached.|**Type:** `array`<br/>**Default:** `[]`|
| `global.components.containerd.localRegistryCache.mirroredRegistries[*]` |**None**|**Type:** `string`<br/>|
| `global.components.containerd.localRegistryCache.port` | **Local port for the registry cache** - Port for the local registry cache under: http://127.0.0.1:<PORT>.|**Type:** `integer`<br/>**Default:** `32767`|
| `global.components.containerd.managementClusterRegistryCache` | **Management cluster registry cache** - Caching container registry on a management cluster level.|**Type:** `object`<br/>|
| `global.components.containerd.managementClusterRegistryCache.enabled` | **Enabled** - Enabling this will configure containerd to use management cluster's Zot registry service. To make use of it as a pull-through cache, you also have to specify registries to cache images for.|**Type:** `boolean`<br/>**Default:** `true`|
| `global.components.containerd.managementClusterRegistryCache.mirroredRegistries` | **Registries to cache** - Here you must specify each registry to cache container images for. Please also make sure to have an entry for each registry in Global > Components > Containerd > Container registries.|**Type:** `array`<br/>**Default:** `[]`|
| `global.components.containerd.managementClusterRegistryCache.mirroredRegistries[*]` |**None**|**Type:** `string`<br/>|

### Connectivity
Properties within the `.global.connectivity` object
Configurations related to cluster connectivity such as container registries.
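Review bot: the `credentials.auth` row describes a Base64-encoded `username:password` string without saying that Base64 is only an encoding, and none of the four credential rows (`auth`, `identitytoken`, `password`, `username`) marks its value as a secret. Suggest adding that to the descriptions so readers do not commit real credentials in a values file; the wording here matches the `description` strings in `values.schema.json`, so the change belongs there. Separately, both `mirroredRegistries[*]` rows render as `**None**`, presumably because the schema `items` carry only a `type`; a `title` or `description` on those items would give the rows real text.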
Expand Up @@ -3,23 +3,25 @@ global:
description: "test cluster"
name: "test"
organization: "giantswarm"
components:
containerd:
containerRegistries:
gsoci.azurecr.io:
- endpoint: zot-test-1.golem.gaws.gigantic.io
credentials:
username: example
password: xxxxx
gsociprivate.azurecr.io:
- endpoint: zot-test-2.golem.gaws.gigantic.io
credentials:
username: example
password: yyyyy
localRegistryCache:
enabled:
mirroredRegistries:
- gsoci.azurecr.io
- gsociprivate.azurecr.io
connectivity:
containerRegistries:
gsoci.azurecr.io:
- endpoint: zot-test-1.golem.gaws.gigantic.io
credentials:
username: example
password: xxxxx
gsociprivate.azurecr.io:
- endpoint: zot-test-2.golem.gaws.gigantic.io
credentials:
username: example
password: yyyyy
localRegistryCache:
enabled: true
mirroredRegistries:
- gsoci.azurecr.io
- gsociprivate.azurecr.io
network:
controlPlaneEndpoint:
host: "10.10.222.241"
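Review bot: under the new `components.containerd.localRegistryCache` block, `enabled:` has no value, while the `connectivity.localRegistryCache` block in the same hunk has `enabled: true`. An empty YAML value is null, and the schema in this PR declares `enabled` as a required `boolean`, so as shown this test file either fails validation or tests the cache with an unset flag rather than the enabled path the old values covered. Suggest `enabled: true`.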
129 changes: 129 additions & 0 deletions helm/cluster-vsphere/values.schema.json
Expand Up @@ -394,6 +394,135 @@
"release"
],
"properties": {
"components": {
"type": "object",
"title": "Components",
"description": "Advanced configuration of components that are running on all nodes.",
"additionalProperties": false,
"properties": {
"containerd": {
"type": "object",
"title": "Containerd",
"description": "Configuration of containerd.",
"required": [
"containerRegistries"
],
"additionalProperties": false,
"properties": {
"containerRegistries": {
"type": "object",
"title": "Container registries",
"description": "Endpoints and credentials configuration for container registries.",
"additionalProperties": {
"type": "array",
"title": "Registries",
"description": "Container registries and mirrors",
"items": {
"type": "object",
"title": "Registry",
"required": [
"endpoint"
],
"properties": {
"credentials": {
"type": "object",
"title": "Credentials",
"properties": {
"auth": {
"type": "string",
"title": "Auth",
"description": "Base64-encoded string from the concatenation of the username, a colon, and the password."
},
"identitytoken": {
"type": "string",
"title": "Identity token",
"description": "Used to authenticate the user and obtain an access token for the registry."
},
"password": {
"type": "string",
"title": "Password",
"description": "Used to authenticate for the registry with username/password."
},
"username": {
"type": "string",
"title": "Username",
"description": "Used to authenticate for the registry with username/password."
}
}
},
"endpoint": {
"type": "string",
"title": "Endpoint",
"description": "Endpoint for the container registry."
}
}
}
},
"default": {}
},
"localRegistryCache": {
"type": "object",
"title": "Local registry caches configuration",
"description": "Enable local cache via http://127.0.0.1:<PORT>.",
"required": [
"enabled",
"port"
],
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"title": "Enable local registry caches",
"description": "Flag to enable local registry cache.",
"default": false
},
"mirroredRegistries": {
"type": "array",
"title": "Registries to cache locally",
"description": "A list of registries that should be cached.",
"items": {
"type": "string"
},
"default": []
},
"port": {
"type": "integer",
"title": "Local port for the registry cache",
"description": "Port for the local registry cache under: http://127.0.0.1:<PORT>.",
"default": 32767
}
}
},
"managementClusterRegistryCache": {
"type": "object",
"title": "Management cluster registry cache",
"description": "Caching container registry on a management cluster level.",
"required": [
"enabled"
],
"additionalProperties": false,
"properties": {
"enabled": {
"type": "boolean",
"title": "Enabled",
"description": "Enabling this will configure containerd to use management cluster's Zot registry service. To make use of it as a pull-through cache, you also have to specify registries to cache images for.",
"default": true
},
"mirroredRegistries": {
"type": "array",
"title": "Registries to cache",
"description": "Here you must specify each registry to cache container images for. Please also make sure to have an entry for each registry in Global > Components > Containerd > Container registries.",
"items": {
"type": "string"
},
"default": []
}
}
}
}
}
}
},
"connectivity": {
"type": "object",
"title": "Connectivity",
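Review bot: the `Registry` item object and its `credentials` object do not set `additionalProperties: false`, although `components`, `containerd`, `localRegistryCache` and `managementClusterRegistryCache` in this same hunk all do. A misspelled key under `credentials` (for example `pasword`) would pass schema validation unnoticed, which is an awkward failure mode for registry authentication; suggest adding `"additionalProperties": false` to both objects. Also, `port` is typed as `integer` with no `minimum` or `maximum`, so values outside the valid TCP port range are accepted; bounding it to 1 through 65535 would catch that at validation time.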
10 changes: 10 additions & 0 deletions helm/cluster-vsphere/values.yaml
Expand Up @@ -187,6 +187,16 @@ cluster:
resources:
infrastructureMachineTemplateSpecTemplateName: worker-vspheremachinetemplate-spec
global:
components:
containerd:
containerRegistries: {}
localRegistryCache:
enabled: false
mirroredRegistries: []
port: 32767
managementClusterRegistryCache:
enabled: true
mirroredRegistries: []
connectivity:
containerRegistries: {}
localRegistryCache:
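Review bot: after this hunk both `global.components.containerd` and `global.connectivity` carry `containerRegistries: {}` and a `localRegistryCache` block, and nothing here says which one takes effect when a user sets both. Suggest a comment on the `connectivity` keys stating the precedence or marking them deprecated, or removing them in this PR if the templates no longer read them. Note too that `managementClusterRegistryCache` ships with `enabled: true` and `mirroredRegistries: []`, and its own description says registries must be listed for it to act as a pull-through cache; a short comment here explaining what the default does with an empty list would save readers a trip to the schema.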