Adapt kind cluster's registry configuration to the new way of configu…

…ring registry mirrors in containerd (gardener#8047) Co-authored-by: Kostov6 <v.kostov@sap.com> Co-authored-by: dimitar-kostadinov <dimitar.kostadinov@sap.com>
nickytd · Jun 16, 2023 · b16a827 · b16a827
1 parent 6d5b5a3
commit b16a827
Show file tree

Hide file tree

Showing 3 changed files with 43 additions and 18 deletions.
diff --git a/example/gardener-local/kind/cluster/templates/_containerd_config_patches.tpl b/example/gardener-local/kind/cluster/templates/_containerd_config_patches.tpl
diff --git a/example/gardener-local/kind/cluster/templates/cluster.yaml b/example/gardener-local/kind/cluster/templates/cluster.yaml
@@ -37,7 +37,9 @@ nodes:
 {{- end }}
 
 containerdConfigPatches:
-{{ include "containerdConfigPatches" . }}
+- |-
+  [plugins."io.containerd.grpc.v1.cri".registry]
+    config_path = "/etc/containerd/certs.d"
 
 networking:
   disableDefaultCNI: true # disable kindnet since we install calico for network policy support

diff --git a/hack/kind-up.sh b/hack/kind-up.sh
@@ -118,6 +118,44 @@ setup_loopback_device() {
   echo "Setting up loopback device ${LOOPBACK_DEVICE} completed."
 }
 
+# setup_containerd_registry_mirrors sets up all containerd registry mirrors.
+# Resources:
+# - https://github.com/containerd/containerd/blob/main/docs/hosts.md
+# - https://kind.sigs.k8s.io/docs/user/local-registry/
+setup_containerd_registry_mirrors() {
+  REGISTRY_HOSTNAME="garden.local.gardener.cloud"
+
+  for NODE in $(kind get nodes --name="$CLUSTER_NAME"); do
+    if [[ "$ENVIRONMENT" == "skaffold" ]]; then
+      setup_containerd_registry_mirror $NODE "localhost:5001" "http://localhost:5001" "http://${REGISTRY_HOSTNAME}:5001"
+    fi
+
+    setup_containerd_registry_mirror $NODE "gcr.io" "https://gcr.io" "http://${REGISTRY_HOSTNAME}:5003"
+    setup_containerd_registry_mirror $NODE "eu.gcr.io" "https://eu.gcr.io" "http://${REGISTRY_HOSTNAME}:5004"
+    setup_containerd_registry_mirror $NODE "ghcr.io" "https://ghcr.io" "http://${REGISTRY_HOSTNAME}:5005"
+    setup_containerd_registry_mirror $NODE "registry.k8s.io" "https://registry.k8s.io" "http://${REGISTRY_HOSTNAME}:5006"
+    setup_containerd_registry_mirror $NODE "quay.io" "https://quay.io" "http://${REGISTRY_HOSTNAME}:5007"
+  done
+}
+
+# setup_containerd_registry_mirror sets up a given contained registry mirror.
+setup_containerd_registry_mirror() {
+  NODE=$1
+  UPSTREAM_HOST=$2
+  UPSTREAM_SERVER=$3
+  MIRROR_HOST=$4
+
+  echo "Setting up containerd registry mirror for host ${UPSTREAM_HOST}.";
+  REGISTRY_DIR="/etc/containerd/certs.d/${UPSTREAM_HOST}"
+  docker exec "${NODE}" mkdir -p "${REGISTRY_DIR}"
+  cat <<EOF | docker exec -i "${NODE}" cp /dev/stdin "${REGISTRY_DIR}/hosts.toml"
+server = "${UPSTREAM_SERVER}"
+
+[host."${MIRROR_HOST}"]
+  capabilities = ["pull", "resolve"]
+EOF
+}
+
 parse_flags "$@"
 
 mkdir -m 0755 -p \
@@ -237,6 +275,8 @@ fi
 kubectl apply -k "$(dirname "$0")/../example/gardener-local/calico/$IPFAMILY" --server-side
 kubectl apply -k "$(dirname "$0")/../example/gardener-local/metrics-server"   --server-side
 
+setup_containerd_registry_mirrors
+
 kubectl get nodes -l node-role.kubernetes.io/control-plane -o name |\
   cut -d/ -f2 |\
   xargs -I {} kubectl taint node {} node-role.kubernetes.io/control-plane:NoSchedule- || true