github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #7607 from jess-sol/main

Browse Source 
Support default hosts.toml configuration
This commit is contained in:
Kazuyoshi Kato 2022-11-04 10:22:00 -07:00 committed by GitHub
commit e306680f44
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/hosts.md
View File

@ -73,6 +73,9 @@ $ tree /etc/containerd/certs.d
└── hosts.toml └── hosts.toml
``` ```
Optionally the `_default` registry host namespace can be used as a fallback, if no
other namespace matches.
The `/v2` portion of the pull request format shown above refers to the version of the The `/v2` portion of the pull request format shown above refers to the version of the
distribution api. If not included in the pull request, `/v2` is added by default for all distribution api. If not included in the pull request, `/v2` is added by default for all
clients compliant to the distribution specification linked above. clients compliant to the distribution specification linked above.
@ -157,6 +160,21 @@ server = "https://registry-1.docker.io" # Exclude this to not use upstream
ca = "docker-mirror.crt" # Or absolute path /etc/containerd/certs.d/docker.io/docker-mirror.crt ca = "docker-mirror.crt" # Or absolute path /etc/containerd/certs.d/docker.io/docker-mirror.crt
``` ```
### Setup Default Mirror for All Registries
```
$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── _default
└── hosts.toml
$ cat /etc/containerd/certs.d/_default/hosts.toml
server = "https://registry.example.com"
[host."https://registry.example.com"]
capabilities = ["pull", "resolve"]
```
### Bypass TLS Verification Example ### Bypass TLS Verification Example
To bypass the TLS verification for a private registry at `192.168.31.250:5000` To bypass the TLS verification for a private registry at `192.168.31.250:5000`

14
remotes/docker/config/config_unix.go
View File

@ -24,16 +24,18 @@ import (
"path/filepath" "path/filepath"
) )
func hostPaths(root, host string) []string { func hostPaths(root, host string) (hosts []string) {
ch := hostDirectory(host) ch := hostDirectory(host)
if ch == host { if ch != host {
return []string{filepath.Join(root, host)} hosts = append(hosts, filepath.Join(root, ch))
} }
return []string{ hosts = append(hosts,
filepath.Join(root, ch),
filepath.Join(root, host), filepath.Join(root, host),
} filepath.Join(root, "_default"),
)
return
} }
func rootSystemPool() (*x509.CertPool, error) { func rootSystemPool() (*x509.CertPool, error) {

14
remotes/docker/config/config_windows.go
View File

@ -22,16 +22,18 @@ import (
"strings" "strings"
) )
func hostPaths(root, host string) []string { func hostPaths(root, host string) (hosts []string) {
ch := hostDirectory(host) ch := hostDirectory(host)
if ch == host { if ch != host {
return []string{filepath.Join(root, host)} hosts = append(hosts, filepath.Join(root, strings.Replace(ch, ":", "", -1)))
} }
return []string{ hosts = append(hosts,
filepath.Join(root, strings.Replace(ch, ":", "", -1)),
filepath.Join(root, strings.Replace(host, ":", "", -1)), filepath.Join(root, strings.Replace(host, ":", "", -1)),
} filepath.Join(root, "_default"),
)
return
} }
func rootSystemPool() (*x509.CertPool, error) { func rootSystemPool() (*x509.CertPool, error) {