kubelet: Configure cri-o container registries

The _containers-image_ role configures _containers-registries.conf(5)_ and _containers-cert.d(5)_, which are used by CRI-O (and `podman`). Specifically, we'll use these to redirect requests for images on Docker Hub (docker.io) to the internal caching proxy.
2025-07-08 11:28:42 -05:00
parent f8f3dd5f83
commit 6667066826
5 changed files with 82 additions and 0 deletions
--- a/group_vars/kubelet.yml
+++ b/group_vars/kubelet.yml
@@ -12,3 +12,12 @@ collectd_df_ignore_mountpoint:
 - /etc/cni/net.d
 - /opt/cni
 - /usr/libexec/kubernetes/kubelet-plugins
+
+container_registries:
+- location: docker-hub.proxy.pyrocufflink.blue
+  prefix: docker.io
+
+container_registry_certs:
+  docker-hub.proxy.pyrocufflink.blue:443:
+    ca: >-
+      {{ lookup('file', 'dch-root-ca-r2.crt') }}