From ef7f327f2a4f5bf7c5635871d950366631c7caa9 Mon Sep 17 00:00:00 2001
From: Yecheng Fu <fuyecheng@pingcap.com>
Date: Thu, 9 Jan 2020 16:05:45 +0800
Subject: [PATCH] update config syntax in registry.md

Signed-off-by: Yecheng Fu <fuyecheng@pingcap.com>
---
 docs/registry.md | 39 +++++++++++++++++++++++++++++----------
 1 file changed, 29 insertions(+), 10 deletions(-)

diff --git a/docs/registry.md b/docs/registry.md
index 3dbf8abab..9019df33e 100644
--- a/docs/registry.md
+++ b/docs/registry.md
@@ -1,20 +1,27 @@
 # Configure Image Registry
 This document describes the method to configure the image registry for `containerd` for use with the `cri` plugin.
 
+NOTE: The configuration syntax used in this doc is in version 2 which is the
+recommended since `containerd` 1.3. If your configuration is still in version 1,
+you can replace `"io.containerd.grpc.v1.cri"` with `cri`.
+
 ## Configure Registry Endpoint
 With containerd, `docker.io` is the default image registry. You can also set up other image registries similar to docker.
 
 To configure image registries create/modify the `/etc/containerd/config.toml` as follows:
 ```toml
-[plugins.cri.registry.mirrors]
-  [plugins.cri.registry.mirrors."docker.io"]
+# explicitly use v2 config format
+version = 2
+
+[plugin."io.containerd.grpc.v1.cri".registry.mirrors]
+  [plugin."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
     endpoint = ["https://registry-1.docker.io"]
-  [plugins.cri.registry.mirrors."test.https-registry.io"]
+  [plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.https-registry.io"]
     endpoint = ["https://HostIP1:Port1"]
-  [plugins.cri.registry.mirrors."test.http-registry.io"]
+  [plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
     endpoint = ["http://HostIP2:Port2"]
   # wildcard matching is supported but not required.
-  [plugins.cri.registry.mirrors."*"]
+  [plugin."io.containerd.grpc.v1.cri".registry.mirrors."*"]
     endpoint = ["https://HostIP3:Port3"]
 ```
 
@@ -38,9 +45,12 @@ After modify this config, you need restart the `containerd` service.
 
 To configure the TLS settings for a specific registry, create/modify the `/etc/containerd/config.toml` as follows:
 ```toml
+# explicitly use v2 config format
+version = 2
+
 # The registry host has to be a domain name or IP. Port number is also
 # needed if the default HTTPS or HTTP port is not used.
-[plugins.cri.registry.configs."my.custom.registry".tls]
+[plugin."io.containerd.grpc.v1.cri".registry.configs."my.custom.registry".tls]
     ca_file   = "ca.pem"
     cert_file = "cert.pem"
     key_file  = "key.pem"
@@ -52,13 +62,19 @@ In the config example shown above, TLS mutual authentication will be used for co
 `cert_file` and `key_file` are not needed when TLS mutual authentication is unused.
 
 ```toml
-[plugins.cri.registry.configs."my.custom.registry".tls]
+# explicitly use v2 config format
+version = 2
+
+[plugin."io.containerd.grpc.v1.cri".registry.configs."my.custom.registry".tls]
     ca_file   = "ca.pem"
 ```
 
 To skip the registry certificate verification:
-```
-[plugins.cri.registry.configs."my.custom.registry".tls]
+```toml
+# explicitly use v2 config format
+version = 2
+
+[plugin."io.containerd.grpc.v1.cri".registry.configs."my.custom.registry".tls]
   insecure_skip_verify = true
 ```
 
@@ -69,9 +85,12 @@ To skip the registry certificate verification:
 To configure a credential for a specific registry, create/modify the
 `/etc/containerd/config.toml` as follows:
 ```toml
+# explicitly use v2 config format
+version = 2
+
 # The registry host has to be a domain name or IP. Port number is also
 # needed if the default HTTPS or HTTP port is not used.
-[plugins.cri.registry.configs."gcr.io".auth]
+[plugin."io.containerd.grpc.v1.cri".registry.configs."gcr.io".auth]
   username = ""
   password = ""
   auth = ""