k3s/pkg/agent/containerd/config.go

package containerd

import (
	"net"
	"net/url"
	"os"
	"path/filepath"
	"strings"

	"github.com/containerd/containerd/remotes/docker"
	"github.com/k3s-io/k3s/pkg/agent/templates"
	util2 "github.com/k3s-io/k3s/pkg/agent/util"
	"github.com/k3s-io/k3s/pkg/daemons/config"
	"github.com/k3s-io/k3s/pkg/spegel"
	"github.com/k3s-io/k3s/pkg/version"
	"github.com/sirupsen/logrus"
)

// writeContainerdConfig renders and saves config.toml from the filled template
func writeContainerdConfig(cfg *config.Node, containerdConfig templates.ContainerdConfig) error {
	var containerdTemplate string
	containerdTemplateBytes, err := os.ReadFile(cfg.Containerd.Template)
	if err == nil {
		logrus.Infof("Using containerd template at %s", cfg.Containerd.Template)
		containerdTemplate = string(containerdTemplateBytes)
	} else if os.IsNotExist(err) {
		containerdTemplate = templates.ContainerdConfigTemplate
	} else {
		return err
	}
	parsedTemplate, err := templates.ParseTemplateFromConfig(containerdTemplate, containerdConfig)
	if err != nil {
		return err
	}

	return util2.WriteFile(cfg.Containerd.Config, parsedTemplate)
}

// writeContainerdHosts merges registry mirrors/configs, and renders and saves hosts.toml from the filled template
func writeContainerdHosts(cfg *config.Node, containerdConfig templates.ContainerdConfig) error {
	mirrorAddr := net.JoinHostPort(spegel.DefaultRegistry.InternalAddress, spegel.DefaultRegistry.RegistryPort)
	registry := containerdConfig.PrivateRegistryConfig
	hosts := map[string]templates.HostConfig{}

	for host, mirror := range registry.Mirrors {
		defaultHost, _ := docker.DefaultHost(host)
		config := templates.HostConfig{
			Host:    defaultHost,
			Program: version.Program,
		}
		if host == "*" {
			host = "_default"
			config.Host = ""
		} else if containerdConfig.NoDefaultEndpoint {
			config.Host = ""
		}
		// TODO: rewrites are currently copied from the mirror settings into each endpoint.
		// In the future, we should allow for per-endpoint rewrites, instead of expecting
		// all mirrors to have the same structure. This will require changes to the registries.yaml
		// structure, which is defined in rancher/wharfie.
		for _, endpoint := range mirror.Endpoints {
			if endpointURL, err := url.Parse(endpoint); err == nil {
				re := templates.RegistryEndpoint{
					OverridePath: endpointURL.Path != "" && endpointURL.Path != "/" && !strings.HasSuffix(endpointURL.Path, "/v2"),
					Config:       registry.Configs[endpointURL.Host],
					Rewrites:     mirror.Rewrites,
					URI:          endpoint,
				}
				// Do not apply rewrites to the embedded registry endpoint
				if endpointURL.Host == mirrorAddr {
					re.Rewrites = nil
				}
				config.Endpoints = append(config.Endpoints, re)
			}
		}
		hosts[host] = config
	}

	for host, registry := range registry.Configs {
		config, ok := hosts[host]
		if !ok {
			config = templates.HostConfig{
				Program: version.Program,
			}
		}
		if len(config.Endpoints) == 0 {
			config.Endpoints = []templates.RegistryEndpoint{
				{
					Config: registry,
					URI:    "https://" + host,
				},
			}
		}
		hosts[host] = config
	}

	// Clean up previous configuration templates
	os.RemoveAll(cfg.Containerd.Registry)

	// Write out new templates
	for host, config := range hosts {
		hostDir := filepath.Join(cfg.Containerd.Registry, host)
		hostsFile := filepath.Join(hostDir, "hosts.toml")
		hostsTemplate, err := templates.ParseHostsTemplateFromConfig(templates.HostsTomlTemplate, config)
		if err != nil {
			return err
		}
		if err := os.MkdirAll(hostDir, 0700); err != nil {
			return err
		}
		if err := util2.WriteFile(hostsFile, hostsTemplate); err != nil {
			return err
		}
	}

	return nil
}
Add support for containerd cri registry config_path Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-11-30 02:14:01 +00:00			`package containerd`

			`import (`
Add embedded registry implementation Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-12-06 00:25:49 +00:00			`"net"`
Add support for containerd cri registry config_path Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-11-30 02:14:01 +00:00			`"net/url"`
			`"os"`
			`"path/filepath"`
			`"strings"`

			`"github.com/containerd/containerd/remotes/docker"`
			`"github.com/k3s-io/k3s/pkg/agent/templates"`
			`util2 "github.com/k3s-io/k3s/pkg/agent/util"`
			`"github.com/k3s-io/k3s/pkg/daemons/config"`
Add embedded registry implementation Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-12-06 00:25:49 +00:00			`"github.com/k3s-io/k3s/pkg/spegel"`
Add support for containerd cri registry config_path Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-11-30 02:14:01 +00:00			`"github.com/k3s-io/k3s/pkg/version"`
			`"github.com/sirupsen/logrus"`
			`)`

			`// writeContainerdConfig renders and saves config.toml from the filled template`
			`func writeContainerdConfig(cfg *config.Node, containerdConfig templates.ContainerdConfig) error {`
			`var containerdTemplate string`
			`containerdTemplateBytes, err := os.ReadFile(cfg.Containerd.Template)`
			`if err == nil {`
			`logrus.Infof("Using containerd template at %s", cfg.Containerd.Template)`
			`containerdTemplate = string(containerdTemplateBytes)`
			`} else if os.IsNotExist(err) {`
			`containerdTemplate = templates.ContainerdConfigTemplate`
			`} else {`
			`return err`
			`}`
			`parsedTemplate, err := templates.ParseTemplateFromConfig(containerdTemplate, containerdConfig)`
			`if err != nil {`
			`return err`
			`}`

			`return util2.WriteFile(cfg.Containerd.Config, parsedTemplate)`
			`}`

			`// writeContainerdHosts merges registry mirrors/configs, and renders and saves hosts.toml from the filled template`
			`func writeContainerdHosts(cfg *config.Node, containerdConfig templates.ContainerdConfig) error {`
Add embedded registry implementation Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-12-06 00:25:49 +00:00			`mirrorAddr := net.JoinHostPort(spegel.DefaultRegistry.InternalAddress, spegel.DefaultRegistry.RegistryPort)`
Add support for containerd cri registry config_path Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-11-30 02:14:01 +00:00			`registry := containerdConfig.PrivateRegistryConfig`
			`hosts := map[string]templates.HostConfig{}`

			`for host, mirror := range registry.Mirrors {`
			`defaultHost, _ := docker.DefaultHost(host)`
			`config := templates.HostConfig{`
			`Host: defaultHost,`
			`Program: version.Program,`
			`}`
			`if host == "*" {`
			`host = "_default"`
			`config.Host = ""`
			`} else if containerdConfig.NoDefaultEndpoint {`
			`config.Host = ""`
			`}`
			`// TODO: rewrites are currently copied from the mirror settings into each endpoint.`
			`// In the future, we should allow for per-endpoint rewrites, instead of expecting`
			`// all mirrors to have the same structure. This will require changes to the registries.yaml`
			`// structure, which is defined in rancher/wharfie.`
			`for _, endpoint := range mirror.Endpoints {`
			`if endpointURL, err := url.Parse(endpoint); err == nil {`
Add embedded registry implementation Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-12-06 00:25:49 +00:00			`re := templates.RegistryEndpoint{`
Add support for containerd cri registry config_path Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-11-30 02:14:01 +00:00			`OverridePath: endpointURL.Path != "" && endpointURL.Path != "/" && !strings.HasSuffix(endpointURL.Path, "/v2"),`
			`Config: registry.Configs[endpointURL.Host],`
			`Rewrites: mirror.Rewrites,`
			`URI: endpoint,`
Add embedded registry implementation Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-12-06 00:25:49 +00:00			`}`
			`// Do not apply rewrites to the embedded registry endpoint`
			`if endpointURL.Host == mirrorAddr {`
			`re.Rewrites = nil`
			`}`
			`config.Endpoints = append(config.Endpoints, re)`
Add support for containerd cri registry config_path Render cri registry mirrors.x.endpoints and configs.x.tls into config_path; keep using mirrors.x.rewrites and configs.x.auth those do not yet have an equivalent in the new format. The new config file format allows disabling containerd's fallback to the default endpoint when using mirror endpoints; a new CLI flag is added to control that behavior. This also re-shares some code that was unnecessarily split into parallel implementations for linux/windows versions. There is probably more work to be done on this front but it's a good start. Signed-off-by: Brad Davidson <brad.davidson@rancher.com> 2023-11-30 02:14:01 +00:00			`}`
			`}`
			`hosts[host] = config`
			`}`

			`for host, registry := range registry.Configs {`
			`config, ok := hosts[host]`
			`if !ok {`
			`config = templates.HostConfig{`
			`Program: version.Program,`
			`}`
			`}`
			`if len(config.Endpoints) == 0 {`
			`config.Endpoints = []templates.RegistryEndpoint{`
			`{`
			`Config: registry,`
			`URI: "https://" + host,`
			`},`
			`}`
			`}`
			`hosts[host] = config`
			`}`

			`// Clean up previous configuration templates`
			`os.RemoveAll(cfg.Containerd.Registry)`

			`// Write out new templates`
			`for host, config := range hosts {`
			`hostDir := filepath.Join(cfg.Containerd.Registry, host)`
			`hostsFile := filepath.Join(hostDir, "hosts.toml")`
			`hostsTemplate, err := templates.ParseHostsTemplateFromConfig(templates.HostsTomlTemplate, config)`
			`if err != nil {`
			`return err`
			`}`
			`if err := os.MkdirAll(hostDir, 0700); err != nil {`
			`return err`
			`}`
			`if err := util2.WriteFile(hostsFile, hostsTemplate); err != nil {`
			`return err`
			`}`
			`}`

			`return nil`
			`}`