Add support for node-level registry auth

charts/openstack-cluster/templates/_helpers.tpl

@@ -118,6 +118,15 @@ files:
     owner: root:root
     permissions: "0644"
 {{- end }}
+{{- if $ctx.Values.registryAuth }}
+  - path: /etc/containerd/conf.d/auth.toml
+    contentFrom:
+      secret:
+        name: {{ include "openstack-cluster.componentName" (list $ctx "containerd-auth") }}
+        key: "auth.toml"
+    owner: root:root
+    permissions: "0644"
+{{- end }}
 {{- if $files }}
   {{- range $files }}
   - {{ toYaml . | nindent 4 }}

charts/openstack-cluster/templates/secret-containerd-auth.yaml

@@ -0,0 +1,17 @@
+{{- if .Values.registryAuth }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "openstack-cluster.componentName" (list . "containerd-auth") }}
+  labels: {{ include "openstack-cluster.componentLabels" (list . "containerd-auth") | nindent 4 }}
+stringData:
+  auth.toml: |
+    version = 2
+    [plugins."io.containerd.grpc.v1.cri".registry.configs]
+      {{- range $registry, $auth := .Values.registryAuth }}
+      [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ $registry }}".auth]
+        username = "{{ $auth.username }}"
+        password = "{{ $auth.password }}"
+      {{- end }}
+{{- end }}

charts/openstack-cluster/values.yaml

@@ -68,6 +68,12 @@ clusterNetworking:
 registryMirrors: {}
   # docker.io: ["https://registry.my.domain/v2/dockerhub-public"]
 
+# Settings for node-level registry auth
+registryAuth: {}
+  # registry-1.docker.io:
+  #   username: "<username>"
+  #   password: "<password>"
+
 # List of additional packages to install on cluster nodes
 additionalPackages: []
   # - nfs-common