User or Developer story
As a WMCO user, I want `containerd` initial configuration template to support access to secure registries so that eliminate the manual step needed to configure the `toml` file on the nodes.
Description
Currently, with the default `containerd` configuration in the toml file every time a Windows node is provisioned there is a manual step to allow it to pull from the registry. If the operator could read from the same secret that the coreos nodes use and configure the toml file on the nodes this would eliminate the manual step currently needed. Below is an example of the config file to allow access.
config_path = "" [plugins."io.containerd.grpc.v1.cri".registry.auths] [plugins."io.containerd.grpc.v1.cri".registry.configs] [plugins."io.containerd.grpc.v1.cri".registry.configs."my-registry.com".auth] auth = "*************" [plugins."io.containerd.grpc.v1.cri".registry.headers]
Engineering Details
The default `containerd` configuration template (containerd_conf.toml) is maintained in the WMCO payload and copied to the Windows instance.
WMCO should be able to pull the registry information, possibly from the Linux workers, and update the template with a config plugins section.
[plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.auths] [plugins."io.containerd.grpc.v1.cri".registry.configs]
Acceptance Criteria
- Windows nodes with containerd runtime are able to access private registry without manual intervention.