cri-o: add variable to configure unsecure pull (#6568)

By default do not allow "unqualified" (without a registry) images because it is considered unsecure and subject to mitm attacks. To enable insecure pull configure for example: crio_registries: - "docker.io" - "quay.io"
2026-03-09 11:47:47 +03:00 · 2020-08-27 18:09:53 +02:00
parent 706c7cb4f1
commit 9e2d282709
2 changed files with 10 additions and 2 deletions
--- a/roles/container-engine/cri-o/templates/crio.conf.j2
+++ b/roles/container-engine/cri-o/templates/crio.conf.j2
@@ -350,8 +350,11 @@ image_volumes = "mkdir"
 # compatibility reasons. Depending on your workload and usecase you may add more
 # registries (e.g., "quay.io", "registry.fedoraproject.org",
 # "registry.opensuse.org", etc.).
-#registries = [
-# ]
+registries = [
+  {% for registry in crio_registries %}
+  "{{ registry }}",
+  {% endfor %}
+]


 # The crio.network table containers settings pertaining to the management of