diff --git a/charts/openstack-cluster/templates/_helpers.tpl b/charts/openstack-cluster/templates/_helpers.tpl index c9b082b..8347b34 100644 --- a/charts/openstack-cluster/templates/_helpers.tpl +++ b/charts/openstack-cluster/templates/_helpers.tpl @@ -118,6 +118,15 @@ files: owner: root:root permissions: "0644" {{- end }} +{{- if $ctx.Values.registryAuth }} + - path: /etc/containerd/conf.d/auth.toml + contentFrom: + secret: + name: {{ include "openstack-cluster.componentName" (list $ctx "containerd-auth") }} + key: "auth.toml" + owner: root:root + permissions: "0644" +{{- end }} {{- if $files }} {{- range $files }} - {{ toYaml . | nindent 4 }} diff --git a/charts/openstack-cluster/templates/secret-containerd-auth.yaml b/charts/openstack-cluster/templates/secret-containerd-auth.yaml new file mode 100644 index 0000000..83d99c4 --- /dev/null +++ b/charts/openstack-cluster/templates/secret-containerd-auth.yaml @@ -0,0 +1,17 @@ +{{- if .Values.registryAuth }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "openstack-cluster.componentName" (list . "containerd-auth") }} + labels: {{ include "openstack-cluster.componentLabels" (list . "containerd-auth") | nindent 4 }} +stringData: + auth.toml: | + version = 2 + [plugins."io.containerd.grpc.v1.cri".registry.configs] + {{- range $registry, $auth := .Values.registryAuth }} + [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ $registry }}".auth] + username = "{{ $auth.username }}" + password = "{{ $auth.password }}" + {{- end }} +{{- end }} diff --git a/charts/openstack-cluster/values.yaml b/charts/openstack-cluster/values.yaml index 93d124d..37c2be3 100644 --- a/charts/openstack-cluster/values.yaml +++ b/charts/openstack-cluster/values.yaml @@ -68,6 +68,12 @@ clusterNetworking: registryMirrors: {} # docker.io: ["https://registry.my.domain/v2/dockerhub-public"] +# Settings for node-level registry auth +registryAuth: {} + # registry-1.docker.io: + # username: "" + # password: "" + # List of additional packages to install on cluster nodes additionalPackages: [] # - nfs-common