Update containerd config to use the right docker registry cert

Currently containerd is configured to use /etc/ssl/private/registry-cert.crt to access docker registry at registry.local:9001. But newly installed docker registry certificate will be in /etc/docker/certs.d/registry.local:9001/registry-cert.crt. While this is ok for controller nodes (as the registry cert at both locations will be updated to the new one on controllers), worker node will fail to access registry.local by certificate verification as containerd still uses /etc/ssl/private/registry-cert.crt which is not updated. /etc/docker/certs.d/registry.local:9001/registry-cert.crt is the right cert for any client to access registry.local. This commit updated containerd config file to point to the right registry cert. Change-Id: Id9c22994edea03da3449b0146cf04a3538d67716 Closes-Bug: 1870406 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-06-19 11:22:59 -04:00 · 2020-06-19 11:22:59 -04:00 · 464b1e02d8
commit 464b1e02d8
parent ee84fdcc15
1 changed files with 1 additions and 1 deletions
--- a/puppet-manifests/src/modules/platform/templates/config.toml.erb
+++ b/puppet-manifests/src/modules/platform/templates/config.toml.erb
@ -85,7 +85,7 @@ oom_score = 0
 <%- end -%>
        # End of insecure registries
    [plugins.cri.registry.configs."registry.local:9001".tls]
-      ca_file = "/etc/ssl/private/registry-cert.crt"
+      ca_file = "/etc/docker/certs.d/registry.local:9001/registry-cert.crt"
    [plugins.cri.registry.configs."registry.local:9001".auth]
      auth = "<%= @registry_auth %>"
    [plugins.cri.x509_key_pair_streaming]