From f0bf9e7f8b7e5f61057699b710a7345c5bfc8c82 Mon Sep 17 00:00:00 2001
From: Jess
Date: Thu, 3 Nov 2022 16:26:51 -0600
Subject: [PATCH 1/2] Support default hosts.toml configuration
Add support for an optional `default` registry hosts config, should no other hosts config match.
Signed-off-by: Jess
---
 remotes/docker/config/config_unix.go | 14 ++++++++------
 remotes/docker/config/config_windows.go | 14 ++++++++------
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/remotes/docker/config/config_unix.go b/remotes/docker/config/config_unix.go
index 092b82a87..6967f680d 100644
--- a/remotes/docker/config/config_unix.go
+++ b/remotes/docker/config/config_unix.go
@@ -24,16 +24,18 @@ import (
 "path/filepath"
 )
-func hostPaths(root, host string) []string {
+func hostPaths(root, host string) (hosts []string) {
 ch := hostDirectory(host)
- if ch == host {
- return []string{filepath.Join(root, host)}
+ if ch != host {
+ hosts = append(hosts, filepath.Join(root, ch))
 }
- return []string{
- filepath.Join(root, ch),
+ hosts = append(hosts,
 filepath.Join(root, host),
- }
+ filepath.Join(root, "_default"),
+ )
+
+ return
 }
 func rootSystemPool() (*x509.CertPool, error) {
diff --git a/remotes/docker/config/config_windows.go b/remotes/docker/config/config_windows.go
index 4a9d3361e..4697728b9 100644
--- a/remotes/docker/config/config_windows.go
+++ b/remotes/docker/config/config_windows.go
@@ -22,16 +22,18 @@ import (
 "strings"
 )
-func hostPaths(root, host string) []string {
+func hostPaths(root, host string) (hosts []string) {
 ch := hostDirectory(host)
- if ch == host {
- return []string{filepath.Join(root, host)}
+ if ch != host {
+ hosts = append(hosts, filepath.Join(root, strings.Replace(ch, ":", "", -1)))
 }
- return []string{
- filepath.Join(root, strings.Replace(ch, ":", "", -1)),
+ hosts = append(hosts,
 filepath.Join(root, strings.Replace(host, ":", "", -1)),
- }
+ filepath.Join(root, "_default"),
+ )
+
+ return
 }
 func rootSystemPool() (*x509.CertPool, error) {
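Review bot: The new `hostPaths` in config_unix.go appends `filepath.Join(root, "_default")` for every host but has no comment stating the lookup order, and that order decides which `hosts.toml` (CA, capabilities, TLS settings) a registry ends up with. A host whose own directory is missing or misnamed now presumably falls through to `_default` rather than to no file-based config; how the caller consumes the returned list is outside this hunk, so that should be confirmed. I would add `// hostPaths returns candidate config directories in lookup order: the canonical host dir (when it differs), the host dir, then the "_default" fallback.` above the function, and the same in config_windows.go. The diffstat lists no test file, so a small table test pinning the order for both the `ch == host` and `ch != host` cases would be worth adding.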
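Review bot: The `"_default"` literal in the last `append` argument of config_windows.go is duplicated from config_unix.go, so the two platform variants can drift apart if the fallback name is ever changed. A package-level constant in a file compiled on both platforms would keep them in step, for example `const defaultHostsDir = "_default"` (the name is only a suggestion). The function also switches to a named result with a bare `return`; writing `return hosts` makes the returned value explicit at no cost.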
From 8b1b81eefd0f3a9283fdb05c0d92b379dfa6c78d Mon Sep 17 00:00:00 2001 From: Jess Date: Thu, 3 Nov 2022 15:13:47 -0600 Subject: [PATCH 2/2] Update hosts doc Signed-off-by: Jess --- docs/hosts.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/docs/hosts.md b/docs/hosts.md index e6c5ac855..0298c9305 100644 --- a/docs/hosts.md +++ b/docs/hosts.md @@ -73,6 +73,9 @@ $ tree /etc/containerd/certs.d └── hosts.toml ``` +Optionally the `_default` registry host namespace can be used as a fallback, if no +other namespace matches. + The `/v2` portion of the pull request format shown above refers to the version of the distribution api. If not included in the pull request, `/v2` is added by default for all clients compliant to the distribution specification linked above. @@ -157,6 +160,21 @@ server = "https://registry-1.docker.io" # Exclude this to not use upstream ca = "docker-mirror.crt" # Or absolute path /etc/containerd/certs.d/docker.io/docker-mirror.crt ``` +### Setup Default Mirror for All Registries + +``` +$ tree /etc/containerd/certs.d +/etc/containerd/certs.d +└── _default + └── hosts.toml + +$ cat /etc/containerd/certs.d/_default/hosts.toml +server = "https://registry.example.com" + +[host."https://registry.example.com"] + capabilities = ["pull", "resolve"] +``` + ### Bypass TLS Verification Example To bypass the TLS verification for a private registry at `192.168.31.250:5000`