--insecure-registry does not work with cri-o when using kicbase image

when creating a minikube instance using kic driver it looks like the `--insecure-registry` options are injected to `/etc/sysconfig/crio.minikube`:

https://github.com/kubernetes/minikube/blob/a85e15549035ed604517152325b47eace33c7028/pkg/provision/provision.go#L241-L263

But the `crio.service` in the `kcibase` image does not include that file:

```
$ sudo podman ps
CONTAINER ID  IMAGE                                COMMAND  CREATED      STATUS          PORTS                                                                                                                                 NAMES
bdf7c0ce6328  gcr.io/k8s-minikube/kicbase:v0.0.30           5 hours ago  Up 5 hours ago  127.0.0.1:32883->22/tcp, 127.0.0.1:42673->2376/tcp, 127.0.0.1:34131->5000/tcp, 127.0.0.1:44439->8443/tcp, 127.0.0.1:44799->32443/tcp  minikube

$ minikube config view
- container-runtime: cri-o
- driver: podman
- insecure-registry: host.minikube.internal:5000

$ sudo podman exec minikube bash -c "cat /etc/sysconfig/crio.minikube"

CRIO_MINIKUBE_OPTIONS='--insecure-registry 10.96.0.0/12 --insecure-registry host.minikube.internal:5000 '

# https://manpages.ubuntu.com/manpages/bionic/man5/systemd.unit.5.html#unit%20file%20load%20path
$ sudo podman exec minikube bash -c "tail -n+0 {/etc/systemd/system,/run/systemd/system,/lib/systemd/system}/crio.service"
tail: cannot open '/etc/systemd/system/crio.service' for reading: No such file or directory
tail: cannot open '/run/systemd/system/crio.service' for reading: No such file or directory
==> /lib/systemd/system/crio.service <==
[Unit]
Description=Container Runtime Interface for OCI (CRI-O)
Documentation=https://github.com/cri-o/cri-o
Wants=network-online.target
Before=kubelet.service
After=network-online.target

[Service]
Type=notify
EnvironmentFile=-/etc/default/crio
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/crio \
          $CRIO_CONFIG_OPTIONS \
          $CRIO_RUNTIME_OPTIONS \
          $CRIO_STORAGE_OPTIONS \
          $CRIO_NETWORK_OPTIONS \
          $CRIO_METRICS_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
TasksMax=infinity
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
OOMScoreAdjust=-999
TimeoutStartSec=0
Restart=on-abnormal

[Install]
WantedBy=multi-user.target
Alias=cri-o.service
```

	func setCrioOptions(p provision.SSHCommander) error {
	// pass through --insecure-registry
	var (
	crioOptsTmpl = `
	CRIO_MINIKUBE_OPTIONS='{{ range .EngineOptions.InsecureRegistry }}--insecure-registry {{.}} {{ end }}'
	`
	crioOptsPath = "/etc/sysconfig/crio.minikube"
	)
	t, err := template.New("crioOpts").Parse(crioOptsTmpl)
	if err != nil {
	return err
	}
	var crioOptsBuf bytes.Buffer
	if err := t.Execute(&crioOptsBuf, p); err != nil {
	return err
	}

	if _, err = p.SSHCommand(fmt.Sprintf("sudo mkdir -p %s && printf %%s \"%s\" \| sudo tee %s && sudo systemctl restart crio", path.Dir(crioOptsPath), crioOptsBuf.String(), crioOptsPath)); err != nil {
	return err
	}

	return nil
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

--insecure-registry does not work with cri-o when using kicbase image #13932

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

--insecure-registry does not work with cri-o when using kicbase image #13932

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions