fix: update containerd config template to handle image registry authentication more robustly (#2842)

Signed-off-by: redscholar <blacktiledhouse@gmail.com>
2025-12-25 17:12:50 +00:00 · 2025-11-07 17:10:22 +08:00 · 2025-11-07 17:10:22 +08:00 · 6e382eaa73
parent c75b70bbcd
commit 6e382eaa73
1 changed files with 8 additions and 6 deletions
--- a/builtin/core/roles/cri/containerd/templates/config.toml
+++ b/builtin/core/roles/cri/containerd/templates/config.toml
@ -59,20 +59,22 @@ state = "/run/containerd"
 {{- if or (.cri.registry.auths | empty | not) (.groups.image_registry | default list | empty | not) }}
        [plugins."io.containerd.grpc.v1.cri".registry.configs]
 {{- end }}
+{{- if .image_registry.auth.registry | empty | not }}
          [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .image_registry.auth.registry }}".auth]
            username = "{{ .image_registry.auth.username }}"
            password = "{{ .image_registry.auth.password }}"
          [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .image_registry.auth.registry }}".tls]
-{{- if .image_registry.auth.ca_file | empty | not }}
+  {{- if .image_registry.auth.ca_file | empty | not }}
            ca_file = "/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/ca.crt"
-{{- end }}
-{{- if .image_registry.auth.cert_file | empty | not }}
+  {{- end }}
+  {{- if .image_registry.auth.cert_file | empty | not }}
            cert_file = "/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/server.crt"
-{{- end }}
-{{- if .image_registry.auth.key_file | empty | not }}
+  {{- end }}
+  {{- if .image_registry.auth.key_file | empty | not }}
            key_file = "/etc/containerd/certs.d/{{ .image_registry.auth.registry }}/server.key"
-{{- end }}
+  {{- end }}
            insecure_skip_verify = {{ .image_registry.auth.insecure | default true }}
+{{- end }}
 {{- if .cri.registry.auths | empty | not }}
  {{- range .cri.registry.auths }}
          [plugins."io.containerd.grpc.v1.cri".registry.configs."{{ .repo }}".auth]