github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Add insecure_skip_verify option.

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
2019-11-26 13:25:52 -08:00
parent d4d337b425
commit ab6701bd11
3 changed files with 42 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
docs/registry.md
View File

@@ -9,13 +9,13 @@ To configure image registries create/modify the `/etc/containerd/config.toml` as
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins.cri.registry.mirrors."test.secure-registry.io"]
[plugins.cri.registry.mirrors."test.https-registry.io"]
endpoint = ["https://HostIP1:Port1"]
[plugins.cri.registry.mirrors."test.insecure-registry.io"]
[plugins.cri.registry.mirrors."test.http-registry.io"]
endpoint = ["http://HostIP2:Port2"]
# wildcard matching is supported but not required.
[plugins.cri.registry.mirrors."*"]
endpoint = ["http://HostIP3:Port3"]
endpoint = ["https://HostIP3:Port3"]
```
The default configuration can be generated by `containerd config default > /etc/containerd/config.toml`.
@@ -38,7 +38,8 @@ After modify this config, you need restart the `containerd` service.
To configure the TLS settings for a specific registry, create/modify the `/etc/containerd/config.toml` as follows:
```toml
# The registry host has to be an domain name or IP.
# The registry host has to be an domain name or IP. Port number is also
# needed if the default HTTPS or HTTP port is not used.
[plugins.cri.registry.configs."my.custom.registry".tls]
ca_file = "ca.pem"
cert_file = "cert.pem"
@@ -51,11 +52,16 @@ In the config example shown above, TLS mutual authentication will be used for co
`cert_file` and `key_file` are not needed when TLS mutual authentication is unused.
```toml
# The registry host has to be an domain name or IP.
[plugins.cri.registry.configs."my.custom.registry".tls]
ca_file = "ca.pem"
```
To skip the registry certificate verification:
```
[plugins.cri.registry.configs."my.custom.registry".tls]
insecure_skip_verify = true
```
## Configure Registry Credentials
`cri` plugin also supports docker like registry credential config.
@@ -63,7 +69,8 @@ In the config example shown above, TLS mutual authentication will be used for co
To configure a credential for a specific registry, create/modify the
`/etc/containerd/config.toml` as follows:
```toml
# The registry host has to be an domain name or IP.
# The registry host has to be an domain name or IP. Port number is also
# needed if the default HTTPS or HTTP port is not used.
[plugins.cri.registry.configs."gcr.io".auth]
username = ""
password = ""