From 1f186ed451894a55d0336c9736df7d147b2c3a55 Mon Sep 17 00:00:00 2001
From: kyrie <139965836+KubeKyrie@users.noreply.github.com>
Date: Thu, 9 Jan 2025 17:48:31 +0800
Subject: [PATCH] add containerd registry mirror certificate configuration
 (#11857)

Signed-off-by: KubeKyrie <shaolong.qin@daocloud.io>
---
 roles/container-engine/containerd/defaults/main.yml       | 2 ++
 roles/container-engine/containerd/templates/hosts.toml.j2 | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/roles/container-engine/containerd/defaults/main.yml b/roles/container-engine/containerd/defaults/main.yml
index 2ee81f4a8c7..cbdc99afc2f 100644
--- a/roles/container-engine/containerd/defaults/main.yml
+++ b/roles/container-engine/containerd/defaults/main.yml
@@ -62,6 +62,8 @@ containerd_registries_mirrors:
       - host: https://registry-1.docker.io
         capabilities: ["pull", "resolve"]
         skip_verify: false
+#        ca: ["/etc/certs/mirror.pem"]
+#        client: [["/etc/certs/client.pem", ""],["/etc/certs/client.cert", "/etc/certs/client.key"]]
 
 containerd_max_container_log_line_size: 16384
 
diff --git a/roles/container-engine/containerd/templates/hosts.toml.j2 b/roles/container-engine/containerd/templates/hosts.toml.j2
index ef63ff17af2..b2b16a65ffb 100644
--- a/roles/container-engine/containerd/templates/hosts.toml.j2
+++ b/roles/container-engine/containerd/templates/hosts.toml.j2
@@ -4,4 +4,10 @@ server = "{{ item.server | default("https://" + item.prefix) }}"
   capabilities = ["{{ ([ mirror.capabilities ] | flatten ) | join('","') }}"]
   skip_verify = {{ mirror.skip_verify | default('false') | string | lower }}
   override_path = {{ mirror.override_path | default('false') | string | lower }}
+{% if mirror.ca is defined %}
+  ca = ["{{ ([ mirror.ca ] | flatten ) | join('","') }}"]
+{% endif %}
+{% if mirror.client is defined %}
+  client = [{% for pair in mirror.client %}["{{ pair[0] }}", "{{ pair[1] }}"]{% if not loop.last %},{% endif %}{% endfor %}]
+{% endif %}
 {% endfor %}