From ccc5a8d34c7d2e61618bfdc0fec09cca674d1dc3 Mon Sep 17 00:00:00 2001 From: Dmitriy Matrenichev Date: Thu, 21 Nov 2024 22:45:49 +0300 Subject: [PATCH] chore: split `config.Registry` into the separate resource Required for #9614 Closes #9766 Signed-off-by: Dmitriy Matrenichev --- api/resource/definitions/cri/cri.proto | 35 + hack/structprotogen/proto/proto.go | 6 + .../server/v1alpha1/v1alpha1_images.go | 3 +- .../server/v1alpha1/v1alpha1_server.go | 3 +- .../pkg/controllers/cri/registries_config.go | 118 ++ .../controllers/cri/registries_config_test.go | 113 ++ .../controllers/files/cri_registry_config.go | 18 +- .../v1alpha1/v1alpha1_sequencer_tasks.go | 16 + .../runtime/v1alpha2/v1alpha2_controller.go | 1 + .../pkg/runtime/v1alpha2/v1alpha2_state.go | 1 + .../app/machined/pkg/system/services/etcd.go | 3 +- .../machined/pkg/system/services/kubelet.go | 3 +- .../pkg/system/services/registry/app/main.go | 5 +- .../pkg/system/services/registry/fs.go | 31 +- .../pkg/system/services/registry/params.go | 2 +- .../pkg/system/services/registry/registry.go | 6 +- .../system/services/registry/registry_test.go | 147 ++ .../machined/pkg/system/services/registryd.go | 45 +- internal/pkg/containers/image/image.go | 14 +- internal/pkg/extensions/pull.go | 4 +- internal/pkg/install/install.go | 21 +- internal/pkg/install/pull.go | 5 +- .../api/resource/definitions/cri/cri.pb.go | 479 +++++- .../definitions/cri/cri_vtproto.pb.go | 1339 +++++++++++++++++ .../types/v1alpha1/v1alpha1_provider.go | 2 +- pkg/machinery/resources/cri/cri.go | 44 +- pkg/machinery/resources/cri/cri_test.go | 1 + .../resources/cri/deep_copy.generated.go | 58 +- .../resources/cri/registries_config.go | 140 ++ website/content/v1.9/reference/api.md | 123 ++ 30 files changed, 2672 insertions(+), 114 deletions(-) create mode 100644 internal/app/machined/pkg/controllers/cri/registries_config.go create mode 100644 internal/app/machined/pkg/controllers/cri/registries_config_test.go create mode 100644 internal/app/machined/pkg/system/services/registry/registry_test.go create mode 100644 pkg/machinery/resources/cri/registries_config.go diff --git a/api/resource/definitions/cri/cri.proto b/api/resource/definitions/cri/cri.proto index 841a22481..e3c830ceb 100755 --- a/api/resource/definitions/cri/cri.proto +++ b/api/resource/definitions/cri/cri.proto @@ -5,6 +5,7 @@ package talos.resource.definitions.cri; option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/cri"; option java_package = "dev.talos.api.resource.definitions.cri"; +import "common/common.proto"; import "google/protobuf/struct.proto"; import "resource/definitions/enums/enums.proto"; @@ -14,6 +15,40 @@ message ImageCacheConfigSpec { repeated string roots = 2; } +// RegistriesConfigSpec describes status of rendered secrets. +message RegistriesConfigSpec { + map registry_mirrors = 1; + map registry_config = 2; +} + +// RegistryAuthConfig specifies authentication configuration for a registry. +message RegistryAuthConfig { + string registry_username = 1; + string registry_password = 2; + string registry_auth = 3; + string registry_identity_token = 4; +} + +// RegistryConfig specifies auth & TLS config per registry. +message RegistryConfig { + RegistryTLSConfig registry_tls = 1; + RegistryAuthConfig registry_auth = 2; +} + +// RegistryMirrorConfig represents mirror configuration for a registry. +message RegistryMirrorConfig { + repeated string mirror_endpoints = 1; + bool mirror_override_path = 2; + bool mirror_skip_fallback = 3; +} + +// RegistryTLSConfig specifies TLS config for HTTPS registries. +message RegistryTLSConfig { + common.PEMEncodedCertificateAndKey tls_client_identity = 1; + bytes tlsca = 2; + bool tls_insecure_skip_verify = 3; +} + // SeccompProfileSpec represents the SeccompProfile. message SeccompProfileSpec { string name = 1; diff --git a/hack/structprotogen/proto/proto.go b/hack/structprotogen/proto/proto.go index 89c38a5ff..973e36682 100644 --- a/hack/structprotogen/proto/proto.go +++ b/hack/structprotogen/proto/proto.go @@ -396,6 +396,12 @@ func formatTypeName(fieldTypePkg string, fieldType string, declPkg string) (stri return commoProto, "common.PEMEncodedCertificate" case typeData{"github.com/siderolabs/talos/pkg/machinery/cel", "Expression"}: return "google/api/expr/v1alpha1/checked.proto", "google.api.expr.v1alpha1.CheckedExpr" + case typeData{"github.com/siderolabs/talos/pkg/machinery/resources/cri", "RegistryMirrorConfig"}: + // This is a hack, but I (Dmitry) don't have enough patience to figure out why we don't support complex maps + return "resource/definitions/cri/registry.proto", "talos.resource.definitions.cri.RegistryMirrorConfig" + case typeData{"github.com/siderolabs/talos/pkg/machinery/resources/cri", "RegistryConfig"}: + // This is a hack, but I (Dmitry) don't have enough patience to figure out why we don't support complex maps + return "resource/definitions/cri/registry.proto", "talos.resource.definitions.cri.RegistryConfig" default: return "", "" } diff --git a/internal/app/machined/internal/server/v1alpha1/v1alpha1_images.go b/internal/app/machined/internal/server/v1alpha1/v1alpha1_images.go index b9f025e0f..5e7908f01 100644 --- a/internal/app/machined/internal/server/v1alpha1/v1alpha1_images.go +++ b/internal/app/machined/internal/server/v1alpha1/v1alpha1_images.go @@ -19,6 +19,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/api/common" "github.com/siderolabs/talos/pkg/machinery/api/machine" "github.com/siderolabs/talos/pkg/machinery/constants" + "github.com/siderolabs/talos/pkg/machinery/resources/cri" ) func containerdNamespaceHelper(ctx context.Context, ns common.ContainerdNamespace) (context.Context, error) { @@ -91,7 +92,7 @@ func (s *Server) ImagePull(ctx context.Context, req *machine.ImagePullRequest) ( return nil, err } - _, err = image.Pull(ctx, s.Controller.Runtime().Config().Machine().Registries(), client, req.Reference, image.WithSkipIfAlreadyPulled()) + _, err = image.Pull(ctx, cri.RegistryBuilder(s.Controller.Runtime().State().V1Alpha2().Resources()), client, req.Reference, image.WithSkipIfAlreadyPulled()) if err != nil { if errdefs.IsNotFound(err) { return nil, status.Errorf(codes.NotFound, "error pulling image: %s", err) diff --git a/internal/app/machined/internal/server/v1alpha1/v1alpha1_server.go b/internal/app/machined/internal/server/v1alpha1/v1alpha1_server.go index 92dfdaeac..c435b2f28 100644 --- a/internal/app/machined/internal/server/v1alpha1/v1alpha1_server.go +++ b/internal/app/machined/internal/server/v1alpha1/v1alpha1_server.go @@ -83,6 +83,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/meta" "github.com/siderolabs/talos/pkg/machinery/nethelpers" "github.com/siderolabs/talos/pkg/machinery/resources/block" + crires "github.com/siderolabs/talos/pkg/machinery/resources/cri" etcdresource "github.com/siderolabs/talos/pkg/machinery/resources/etcd" "github.com/siderolabs/talos/pkg/machinery/resources/network" timeresource "github.com/siderolabs/talos/pkg/machinery/resources/time" @@ -482,7 +483,7 @@ func (s *Server) Upgrade(ctx context.Context, in *machine.UpgradeRequest) (*mach log.Printf("validating %q", in.GetImage()) - if err := install.PullAndValidateInstallerImage(ctx, s.Controller.Runtime().Config().Machine().Registries(), in.GetImage()); err != nil { + if err := install.PullAndValidateInstallerImage(ctx, crires.RegistryBuilder(s.Controller.Runtime().State().V1Alpha2().Resources()), in.GetImage()); err != nil { return nil, fmt.Errorf("error validating installer image %q: %w", in.GetImage(), err) } diff --git a/internal/app/machined/pkg/controllers/cri/registries_config.go b/internal/app/machined/pkg/controllers/cri/registries_config.go new file mode 100644 index 000000000..0927eceb4 --- /dev/null +++ b/internal/app/machined/pkg/controllers/cri/registries_config.go @@ -0,0 +1,118 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package cri + +import ( + "context" + "fmt" + + "github.com/cosi-project/runtime/pkg/controller" + "github.com/cosi-project/runtime/pkg/controller/generic/transform" + "github.com/cosi-project/runtime/pkg/safe" + "github.com/cosi-project/runtime/pkg/state" + "github.com/siderolabs/gen/optional" + "go.uber.org/zap" + + "github.com/siderolabs/talos/pkg/machinery/constants" + "github.com/siderolabs/talos/pkg/machinery/resources/config" + "github.com/siderolabs/talos/pkg/machinery/resources/cri" +) + +// RegistriesConfigController watches v1alpha1.Config, updates registry.RegistriesConfig. +type RegistriesConfigController = transform.Controller[*config.MachineConfig, *cri.RegistriesConfig] + +// NewRegistriesConfigController creates new config controller. +// +//nolint:gocyclo +func NewRegistriesConfigController() *RegistriesConfigController { + return transform.NewController( + transform.Settings[*config.MachineConfig, *cri.RegistriesConfig]{ + Name: "cri.RegistriesConfigController", + MapMetadataOptionalFunc: func(cfg *config.MachineConfig) optional.Optional[*cri.RegistriesConfig] { + if cfg.Metadata().ID() != config.V1Alpha1ID { + return optional.None[*cri.RegistriesConfig]() + } + + return optional.Some(cri.NewRegistriesConfig()) + }, + TransformFunc: func(ctx context.Context, r controller.Reader, logger *zap.Logger, cfg *config.MachineConfig, res *cri.RegistriesConfig) error { + imageCacheConfig, err := safe.ReaderGetByID[*cri.ImageCacheConfig](ctx, r, cri.ImageCacheConfigID) + if err != nil && !state.IsNotFoundError(err) { + return fmt.Errorf("failed to get image cache config: %w", err) + } + + spec := res.TypedSpec() + + spec.RegistryConfig = clearInit(spec.RegistryConfig) + spec.RegistryMirrors = clearInit(spec.RegistryMirrors) + + if cfg != nil && cfg.Config().Machine() != nil { + // This is breaking our interface abstraction, but we need to get the underlying types for protobuf + // encoding to work correctly. + mr := cfg.Provider().RawV1Alpha1().MachineConfig.MachineRegistries + + for k, v := range mr.RegistryConfig { + spec.RegistryConfig[k] = &cri.RegistryConfig{ + RegistryTLS: &cri.RegistryTLSConfig{ + TLSClientIdentity: v.RegistryTLS.TLSClientIdentity, + TLSCA: v.RegistryTLS.TLSCA, + TLSInsecureSkipVerify: v.RegistryTLS.TLSInsecureSkipVerify, + }, + RegistryAuth: &cri.RegistryAuthConfig{ + RegistryUsername: v.RegistryAuth.RegistryUsername, + RegistryPassword: v.RegistryAuth.RegistryPassword, + RegistryAuth: v.RegistryAuth.RegistryAuth, + RegistryIdentityToken: v.RegistryAuth.RegistryIdentityToken, + }, + } + } + + for k, v := range mr.RegistryMirrors { + spec.RegistryMirrors[k] = &cri.RegistryMirrorConfig{ + MirrorEndpoints: v.MirrorEndpoints, + MirrorOverridePath: v.MirrorOverridePath, + MirrorSkipFallback: v.MirrorSkipFallback, + } + } + } + + if imageCacheConfig != nil && imageCacheConfig.TypedSpec().Status == cri.ImageCacheStatusReady { + // if the '*' was configured, we just use it, otherwise create it so that we can inject the registryd + if _, hasStar := spec.RegistryMirrors["*"]; !hasStar { + spec.RegistryMirrors["*"] = &cri.RegistryMirrorConfig{} + } + + // inject the registryd mirror endpoint as the first one for all registries + for registry := range spec.RegistryMirrors { + spec.RegistryMirrors[registry].MirrorEndpoints = append( + []string{"http://" + constants.RegistrydListenAddress}, + spec.RegistryMirrors[registry].MirrorEndpoints..., + ) + } + } + + return nil + }, + }, + transform.WithExtraInputs( + controller.Input{ + Namespace: cri.NamespaceName, + Type: cri.ImageCacheConfigType, + ID: optional.Some(cri.ImageCacheConfigID), + Kind: controller.InputWeak, + }, + ), + ) +} + +func clearInit[M ~map[K]V, K comparable, V any](m M) M { + if m == nil { + return make(M) + } + + clear(m) + + return m +} diff --git a/internal/app/machined/pkg/controllers/cri/registries_config_test.go b/internal/app/machined/pkg/controllers/cri/registries_config_test.go new file mode 100644 index 000000000..d6eba986e --- /dev/null +++ b/internal/app/machined/pkg/controllers/cri/registries_config_test.go @@ -0,0 +1,113 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package cri_test + +import ( + "testing" + "time" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + + "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/cri" + "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest" + "github.com/siderolabs/talos/pkg/machinery/config/container" + "github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1" + "github.com/siderolabs/talos/pkg/machinery/constants" + "github.com/siderolabs/talos/pkg/machinery/resources/config" + crires "github.com/siderolabs/talos/pkg/machinery/resources/cri" +) + +type ConfigSuite struct { + ctest.DefaultSuite +} + +func (suite *ConfigSuite) TestRegistry() { + cfg := config.NewMachineConfig(container.NewV1Alpha1(&v1alpha1.Config{ + ConfigVersion: "v1alpha1", + MachineConfig: &v1alpha1.MachineConfig{ + MachineType: "controlplane", + MachineRegistries: v1alpha1.RegistriesConfig{ + RegistryMirrors: map[string]*v1alpha1.RegistryMirrorConfig{ + "docker.io": {MirrorEndpoints: []string{"https://mirror.io"}}, + }, + }, + }, + })) + + suite.Require().NoError(suite.State().Create(suite.Ctx(), cfg)) + + ctest.AssertResource(suite, crires.RegistriesConfigID, func(r *crires.RegistriesConfig, a *assert.Assertions) { + spec := r.TypedSpec() + + a.Equal( + map[string]*crires.RegistryMirrorConfig{ + "docker.io": {MirrorEndpoints: []string{"https://mirror.io"}}, + }, + spec.RegistryMirrors, + ) + }) + + ic := crires.NewImageCacheConfig() + ic.TypedSpec().Roots = []string{"/imagecache"} + ic.TypedSpec().Status = crires.ImageCacheStatusReady + + suite.Require().NoError(suite.State().Create(suite.Ctx(), ic)) + + ctest.AssertResource(suite, crires.RegistriesConfigID, func(r *crires.RegistriesConfig, a *assert.Assertions) { + spec := r.TypedSpec() + + a.Equal( + map[string]*crires.RegistryMirrorConfig{ + "*": {MirrorEndpoints: []string{ + "http://" + constants.RegistrydListenAddress, + }}, + "docker.io": {MirrorEndpoints: []string{ + "http://" + constants.RegistrydListenAddress, + "https://mirror.io", + }}, + }, + spec.RegistryMirrors, + ) + }) +} + +func (suite *ConfigSuite) TestRegistryNoMachineConfig() { + cfg := config.NewMachineConfig(container.NewV1Alpha1(nil)) + + suite.Require().NoError(suite.State().Create(suite.Ctx(), cfg)) + + ic := crires.NewImageCacheConfig() + ic.TypedSpec().Roots = []string{"/imagecache"} + ic.TypedSpec().Status = crires.ImageCacheStatusReady + + suite.Require().NoError(suite.State().Create(suite.Ctx(), ic)) + + ctest.AssertResource(suite, crires.RegistriesConfigID, func(r *crires.RegistriesConfig, a *assert.Assertions) { + spec := r.TypedSpec() + + a.Equal( + map[string]*crires.RegistryMirrorConfig{ + "*": {MirrorEndpoints: []string{ + "http://" + constants.RegistrydListenAddress, + }}, + }, + spec.RegistryMirrors, + ) + }) +} + +func TestConfigSuite(t *testing.T) { + t.Parallel() + + suite.Run(t, &ConfigSuite{ + DefaultSuite: ctest.DefaultSuite{ + Timeout: 5 * time.Second, + AfterSetup: func(s *ctest.DefaultSuite) { + s.Require().NoError(s.Runtime().RegisterController(cri.NewRegistriesConfigController())) + }, + }, + }) +} diff --git a/internal/app/machined/pkg/controllers/files/cri_registry_config.go b/internal/app/machined/pkg/controllers/files/cri_registry_config.go index 560f07dcd..7a4da76ce 100644 --- a/internal/app/machined/pkg/controllers/files/cri_registry_config.go +++ b/internal/app/machined/pkg/controllers/files/cri_registry_config.go @@ -22,7 +22,7 @@ import ( "github.com/siderolabs/talos/internal/pkg/containers/cri/containerd" "github.com/siderolabs/talos/pkg/machinery/constants" - "github.com/siderolabs/talos/pkg/machinery/resources/config" + "github.com/siderolabs/talos/pkg/machinery/resources/cri" "github.com/siderolabs/talos/pkg/machinery/resources/files" ) @@ -40,9 +40,9 @@ func (ctrl *CRIRegistryConfigController) Name() string { func (ctrl *CRIRegistryConfigController) Inputs() []controller.Input { return []controller.Input{ { - Namespace: config.NamespaceName, - Type: config.MachineConfigType, - ID: optional.Some(config.V1Alpha1ID), + Namespace: cri.NamespaceName, + Type: cri.RegistriesConfigType, + ID: optional.Some(cri.RegistriesConfigID), Kind: controller.InputWeak, }, } @@ -88,9 +88,9 @@ func (ctrl *CRIRegistryConfigController) Run(ctx context.Context, r controller.R case <-r.EventCh(): } - cfg, err := safe.ReaderGetByID[*config.MachineConfig](ctx, r, config.V1Alpha1ID) + cfg, err := safe.ReaderGetByID[*cri.RegistriesConfig](ctx, r, cri.RegistriesConfigID) if err != nil && !state.IsNotFoundError(err) { - return fmt.Errorf("error getting config: %w", err) + return fmt.Errorf("error getting registries config: %w", err) } var ( @@ -98,13 +98,13 @@ func (ctrl *CRIRegistryConfigController) Run(ctx context.Context, r controller.R criHosts *containerd.HostsConfig ) - if cfg != nil && cfg.Config().Machine() != nil { - criRegistryContents, err = containerd.GenerateCRIConfig(cfg.Config().Machine().Registries()) + if cfg != nil { + criRegistryContents, err = containerd.GenerateCRIConfig(cfg.TypedSpec()) if err != nil { return err } - criHosts, err = containerd.GenerateHosts(cfg.Config().Machine().Registries(), basePath) + criHosts, err = containerd.GenerateHosts(cfg.TypedSpec(), basePath) if err != nil { return err } diff --git a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go index 88910b5d9..e6d1a93ef 100644 --- a/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go +++ b/internal/app/machined/pkg/runtime/v1alpha1/v1alpha1_sequencer_tasks.go @@ -70,6 +70,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/constants" metamachinery "github.com/siderolabs/talos/pkg/machinery/meta" blockres "github.com/siderolabs/talos/pkg/machinery/resources/block" + crires "github.com/siderolabs/talos/pkg/machinery/resources/cri" resourcefiles "github.com/siderolabs/talos/pkg/machinery/resources/files" "github.com/siderolabs/talos/pkg/machinery/resources/k8s" resourceruntime "github.com/siderolabs/talos/pkg/machinery/resources/runtime" @@ -1513,6 +1514,7 @@ func Upgrade(_ runtime.Sequence, data any) (runtime.TaskExecutionFunc, string) { in.GetImage(), r.Config(), r.ConfigContainer(), + crires.RegistryBuilder(r.State().V1Alpha2().Resources()), install.OptionsFromUpgradeRequest(r, in)..., ) if err != nil { @@ -1687,6 +1689,12 @@ func Install(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { installerImage = images.DefaultInstallerImage } + logger.Printf("waiting for the image cache") + + if err = crires.WaitForImageCache(ctx, r.State().V1Alpha2().Resources()); err != nil { + return fmt.Errorf("failed to wait for the image cache: %w", err) + } + var disk string matchExpr, err := r.Config().Machine().Install().DiskMatchExpression() @@ -1725,6 +1733,7 @@ func Install(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { installerImage, r.Config(), r.ConfigContainer(), + crires.RegistryBuilder(r.State().V1Alpha2().Resources()), install.WithForce(true), install.WithZero(r.Config().Machine().Install().Zero()), install.WithExtraKernelArgs(r.Config().Machine().Install().ExtraKernelArgs()), @@ -1772,6 +1781,12 @@ func Install(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { return fmt.Errorf("error unserializing install options: %w", err) } + logger.Printf("waiting for the image cache") + + if err = crires.WaitForImageCache(ctx, r.State().V1Alpha2().Resources()); err != nil { + return fmt.Errorf("failed to wait for the image cache: %w", err) + } + logger.Printf("performing staged upgrade via %q", r.State().Machine().StagedInstallImageRef()) err = install.RunInstallerContainer( @@ -1779,6 +1794,7 @@ func Install(runtime.Sequence, any) (runtime.TaskExecutionFunc, string) { r.State().Machine().StagedInstallImageRef(), r.Config(), r.ConfigContainer(), + crires.RegistryBuilder(r.State().V1Alpha2().Resources()), install.WithOptions(options), ) if err != nil { diff --git a/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go b/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go index ffb19dfcf..c2815a51a 100644 --- a/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go +++ b/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go @@ -278,6 +278,7 @@ func (ctrl *Controller) Run(ctx context.Context, drainer *runtime.Drainer) error &network.TimeServerMergeController{}, &network.TimeServerSpecController{}, &perf.StatsController{}, + cri.NewRegistriesConfigController(), &runtimecontrollers.CRIImageGCController{}, &runtimecontrollers.DevicesStatusController{ V1Alpha1Mode: ctrl.v1alpha1Runtime.State().Platform().Mode(), diff --git a/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_state.go b/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_state.go index 7842e57e9..1d762128f 100644 --- a/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_state.go +++ b/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_state.go @@ -186,6 +186,7 @@ func NewState() (*State, error) { &network.TimeServerSpec{}, &perf.CPU{}, &perf.Memory{}, + &cri.RegistriesConfig{}, &runtime.DevicesStatus{}, &runtime.Diagnostic{}, &runtime.EventSinkConfig{}, diff --git a/internal/app/machined/pkg/system/services/etcd.go b/internal/app/machined/pkg/system/services/etcd.go index 0eaeb849a..86b4ccb00 100644 --- a/internal/app/machined/pkg/system/services/etcd.go +++ b/internal/app/machined/pkg/system/services/etcd.go @@ -50,6 +50,7 @@ import ( "github.com/siderolabs/talos/pkg/machinery/constants" "github.com/siderolabs/talos/pkg/machinery/meta" "github.com/siderolabs/talos/pkg/machinery/nethelpers" + "github.com/siderolabs/talos/pkg/machinery/resources/cri" etcdresource "github.com/siderolabs/talos/pkg/machinery/resources/etcd" "github.com/siderolabs/talos/pkg/machinery/resources/k8s" "github.com/siderolabs/talos/pkg/machinery/resources/network" @@ -120,7 +121,7 @@ func (e *Etcd) PreFunc(ctx context.Context, r runtime.Runtime) error { return fmt.Errorf("failed to get etcd spec: %w", err) } - img, err := image.Pull(containerdctx, r.Config().Machine().Registries(), client, spec.TypedSpec().Image, image.WithSkipIfAlreadyPulled()) + img, err := image.Pull(containerdctx, cri.RegistryBuilder(r.State().V1Alpha2().Resources()), client, spec.TypedSpec().Image, image.WithSkipIfAlreadyPulled()) if err != nil { return fmt.Errorf("failed to pull image %q: %w", spec.TypedSpec().Image, err) } diff --git a/internal/app/machined/pkg/system/services/kubelet.go b/internal/app/machined/pkg/system/services/kubelet.go index aefa4825a..4f5a9ed59 100644 --- a/internal/app/machined/pkg/system/services/kubelet.go +++ b/internal/app/machined/pkg/system/services/kubelet.go @@ -33,6 +33,7 @@ import ( "github.com/siderolabs/talos/pkg/conditions" "github.com/siderolabs/talos/pkg/machinery/config/machine" "github.com/siderolabs/talos/pkg/machinery/constants" + "github.com/siderolabs/talos/pkg/machinery/resources/cri" "github.com/siderolabs/talos/pkg/machinery/resources/k8s" "github.com/siderolabs/talos/pkg/machinery/resources/network" timeresource "github.com/siderolabs/talos/pkg/machinery/resources/time" @@ -70,7 +71,7 @@ func (k *Kubelet) PreFunc(ctx context.Context, r runtime.Runtime) error { // Pull the image and unpack it. containerdctx := namespaces.WithNamespace(ctx, constants.SystemContainerdNamespace) - img, err := image.Pull(containerdctx, r.Config().Machine().Registries(), client, spec.Image, image.WithSkipIfAlreadyPulled()) + img, err := image.Pull(containerdctx, cri.RegistryBuilder(r.State().V1Alpha2().Resources()), client, spec.Image, image.WithSkipIfAlreadyPulled()) if err != nil { return err } diff --git a/internal/app/machined/pkg/system/services/registry/app/main.go b/internal/app/machined/pkg/system/services/registry/app/main.go index e10a6c068..5545c6e19 100644 --- a/internal/app/machined/pkg/system/services/registry/app/main.go +++ b/internal/app/machined/pkg/system/services/registry/app/main.go @@ -7,7 +7,6 @@ package main import ( "context" "fmt" - "io/fs" "os" "os/signal" "path/filepath" @@ -38,9 +37,9 @@ func app() error { return fmt.Errorf("failed to get user home directory: %w", err) } - it := func(yield func(fs.StatFS) bool) { + it := func(yield func(string) bool) { for _, root := range []string{"registry-cache-2", "registry-cache"} { - if !yield(os.DirFS(filepath.Join(homeDir, root)).(fs.StatFS)) { + if !yield(filepath.Join(homeDir, root)) { return } } diff --git a/internal/app/machined/pkg/system/services/registry/fs.go b/internal/app/machined/pkg/system/services/registry/fs.go index e215d6d6b..775655c55 100644 --- a/internal/app/machined/pkg/system/services/registry/fs.go +++ b/internal/app/machined/pkg/system/services/registry/fs.go @@ -5,27 +5,33 @@ package registry import ( - "errors" "io/fs" "iter" + "os" + "path/filepath" "github.com/hashicorp/go-multierror" ) -// MultiPathFS is a FS that can be used to combine multiple FSs into one. +// MultiPathFS is a [fs.FS] that reads from multiple paths sequentially until it finds the file. type MultiPathFS struct { - fsIt iter.Seq[fs.StatFS] + fsIt iter.Seq[string] } // NewMultiPathFS creates a new MultiPathFS. It takes an iterator of FSs which can be used multiple times asynchrously. -func NewMultiPathFS(it iter.Seq[fs.StatFS]) *MultiPathFS { return &MultiPathFS{fsIt: it} } +func NewMultiPathFS(it iter.Seq[string]) *MultiPathFS { return &MultiPathFS{fsIt: it} } // Open opens the named file. func (m *MultiPathFS) Open(name string) (fs.File, error) { var multiErr *multierror.Error - for f := range m.fsIt { - r, err := f.Open(name) + for root := range m.fsIt { + abs, err := filepath.Abs(root) + if err != nil { + return nil, err + } + + r, err := os.Open(filepath.Join(abs, name)) if err == nil { return r, nil } @@ -34,7 +40,7 @@ func (m *MultiPathFS) Open(name string) (fs.File, error) { } if multiErr == nil { - return nil, errors.New("roots are empty") + return nil, os.ErrNotExist } return nil, multiErr.ErrorOrNil() @@ -44,8 +50,13 @@ func (m *MultiPathFS) Open(name string) (fs.File, error) { func (m *MultiPathFS) Stat(name string) (fs.FileInfo, error) { var multiErr *multierror.Error - for f := range m.fsIt { - r, err := f.Stat(name) + for root := range m.fsIt { + abs, err := filepath.Abs(root) + if err != nil { + return nil, err + } + + r, err := os.Stat(filepath.Join(abs, name)) if err == nil { return r, nil } @@ -54,7 +65,7 @@ func (m *MultiPathFS) Stat(name string) (fs.FileInfo, error) { } if multiErr == nil { - return nil, errors.New("roots are empty") + return nil, os.ErrNotExist } return nil, multiErr.ErrorOrNil() diff --git a/internal/app/machined/pkg/system/services/registry/params.go b/internal/app/machined/pkg/system/services/registry/params.go index 5d2c74107..de9174f3e 100644 --- a/internal/app/machined/pkg/system/services/registry/params.go +++ b/internal/app/machined/pkg/system/services/registry/params.go @@ -22,7 +22,7 @@ func extractParams(req *http.Request) (params, error) { value := req.PathValue("args") parts := strings.Split(path.Clean(value), "/") - if len(parts) < 4 { + if len(parts) < 3 { return params{}, xerrors.NewTaggedf[notFoundTag]("incorrect args value '%s'", value) } diff --git a/internal/app/machined/pkg/system/services/registry/registry.go b/internal/app/machined/pkg/system/services/registry/registry.go index b275cf327..29a3d14eb 100644 --- a/internal/app/machined/pkg/system/services/registry/registry.go +++ b/internal/app/machined/pkg/system/services/registry/registry.go @@ -184,11 +184,11 @@ func (svc *Service) resolveCanonicalRef(p params) (reference.Canonical, error) { ntSum, err := hashFile(taggedFile, svc.root) if err != nil { - if !errors.Is(err, os.ErrNotExist) { - return nil, xerrors.NewTaggedf[internalErrorTag]("failed to hash manifest: %w", err) + if errors.Is(err, os.ErrNotExist) { + return nil, xerrors.NewTagged[notFoundTag](err) } - return nil, xerrors.NewTagged[notFoundTag](err) + return nil, xerrors.NewTaggedf[internalErrorTag]("failed to hash manifest: %w", err) } sha256file := filepath.Join("manifests", namedTagged.Name(), "digest", digest.NewDigestFromBytes(digest.SHA256, ntSum).String()) diff --git a/internal/app/machined/pkg/system/services/registry/registry_test.go b/internal/app/machined/pkg/system/services/registry/registry_test.go new file mode 100644 index 000000000..d3e3a5762 --- /dev/null +++ b/internal/app/machined/pkg/system/services/registry/registry_test.go @@ -0,0 +1,147 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package registry_test + +import ( + "cmp" + "context" + "errors" + "io" + "net/http" + "strings" + "sync" + "testing" + "time" + + "github.com/siderolabs/gen/xiter" + "github.com/siderolabs/gen/xtesting/check" + "github.com/siderolabs/go-pointer" + "github.com/stretchr/testify/require" + "go.uber.org/zap/zaptest" + + "github.com/siderolabs/talos/internal/app/machined/pkg/system/services/registry" + "github.com/siderolabs/talos/pkg/machinery/constants" +) + +func TestRegistry(t *testing.T) { + if testing.Short() { + t.Skip("skipping test in short mode.") + } + + logger := zaptest.NewLogger(t) + svc := registry.NewService(registry.NewMultiPathFS(xiter.Single("test")), logger) + + var wg sync.WaitGroup + + wg.Add(1) + + ctx, cancel := context.WithCancelCause(context.Background()) + defer cancel(nil) + + go func() { + defer wg.Done() + + cancel(cmp.Or(svc.Run(ctx), errors.New("service exited"))) + }() + + defer wg.Wait() + + time.Sleep(100 * time.Millisecond) + + tests := []struct { + name string + path string + method string + body io.Reader + check check.Check + expectedCode int + }{ + { + name: "HEAD /v2/", + path: "/v2/", + method: http.MethodHead, + check: check.NoError(), + expectedCode: http.StatusOK, + }, + { + name: "GET /v2/", + path: "/v2/", + method: http.MethodGet, + check: check.NoError(), + expectedCode: http.StatusOK, + }, + { + name: "HEAD /healthz", + path: "/healthz", + method: http.MethodHead, + check: check.NoError(), + expectedCode: http.StatusOK, + }, + { + name: "GET /healthz", + path: "/healthz", + method: http.MethodGet, + check: check.NoError(), + expectedCode: http.StatusOK, + }, + { + name: "GET /v2/alpine/manifests/3.20.3", + path: "/v2/alpine/manifests/3.20.3", + method: http.MethodGet, + check: check.NoError(), + expectedCode: http.StatusBadRequest, + }, + { + name: "GET /v2/alpine/manifests/3.20.3?ns=docker.io", + path: "/v2/alpine/manifests/3.20.3?ns=docker.io", + method: http.MethodGet, + check: check.NoError(), + expectedCode: http.StatusNotFound, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + req, err := http.NewRequestWithContext(ctx, test.method, "http://"+constants.RegistrydListenAddress+test.path, test.body) + require.NoError(t, err) + + resp, err := http.DefaultClient.Do(req) + test.check(t, err) + + if resp != nil { + defer resp.Body.Close() //nolint:errcheck + } + + require.Equal(t, test.expectedCode, pointer.SafeDeref(resp).StatusCode, "unexpected status code, body is %s", readAll(t, resp)) + }) + } + + cancel(nil) + wg.Wait() + + err := ctx.Err() + if err == context.Canceled || err == context.DeadlineExceeded { + err = nil + } + + require.NoError(t, err) +} + +func readAll(t *testing.T, resp *http.Response) string { + if resp == nil || resp.Body == nil { + return "" + } + + var builder strings.Builder + + _, err := io.Copy(&builder, resp.Body) + require.NoError(t, err) + + if builder.String() == "" { + return "" + } + + return builder.String() +} diff --git a/internal/app/machined/pkg/system/services/registryd.go b/internal/app/machined/pkg/system/services/registryd.go index b0c033888..fef6fbca7 100644 --- a/internal/app/machined/pkg/system/services/registryd.go +++ b/internal/app/machined/pkg/system/services/registryd.go @@ -7,10 +7,10 @@ package services import ( "context" "io" - "io/fs" "os" "github.com/cosi-project/runtime/pkg/safe" + "go.uber.org/zap" "go.uber.org/zap/zapcore" "github.com/siderolabs/talos/internal/app/machined/pkg/runtime" @@ -47,28 +47,33 @@ func (r *registryD) HealthFunc(runtime.Runtime) health.Check { } func (r *registryD) Runner(rt runtime.Runtime) (runner.Runner, error) { - it := func(yield func(fs.StatFS) bool) { - imageCacheConfig, err := safe.StateGetByID[*cri.ImageCacheConfig](context.Background(), rt.State().V1Alpha2().Resources(), cri.ImageCacheConfigID) - if err != nil { - // we can't handle it here - return - } + return goroutine.NewRunner(rt, "registryd", func(ctx context.Context, r runtime.Runtime, logOutput io.Writer) error { + logger := logging.ZapLogger( + logging.NewLogDestination(logOutput, zapcore.DebugLevel, logging.WithColoredLevels()), + ) + + st := r.State().V1Alpha2().Resources() + it := func(yield func(string) bool) { + imageCacheConfig, err := safe.StateGetByID[*cri.ImageCacheConfig](ctx, st, cri.ImageCacheConfigID) + if err != nil { + logger.Error("failed to get image cache config", zap.Error(err)) - for _, root := range imageCacheConfig.TypedSpec().Roots { - if !yield(os.DirFS(root).(fs.StatFS)) { return } - } - } - return goroutine.NewRunner(rt, "registryd", func(ctx context.Context, r runtime.Runtime, logOutput io.Writer) error { - return registry.NewService( - registry.NewMultiPathFS(it), - logging.ZapLogger(logging.NewLogDestination( - logOutput, - zapcore.DebugLevel, - logging.WithColoredLevels(), - )), - ).Run(ctx) + for _, root := range imageCacheConfig.TypedSpec().Roots { + if _, err = os.Stat(root); err != nil { + logger.Error("failed to stat image cache root", zap.String("root", root), zap.Error(err)) + + continue + } + + if !yield(root) { + return + } + } + } + + return registry.NewService(registry.NewMultiPathFS(it), logger).Run(ctx) }, runner.WithLoggingManager(rt.Logging())), nil } diff --git a/internal/pkg/containers/image/image.go b/internal/pkg/containers/image/image.go index eab855581..fc83e7bfb 100644 --- a/internal/pkg/containers/image/image.go +++ b/internal/pkg/containers/image/image.go @@ -53,11 +53,14 @@ func WithSkipIfAlreadyPulled() PullOption { } } +// RegistriesBuilder is a function that returns registries configuration. +type RegistriesBuilder = func(context.Context) (config.Registries, error) + // Pull is a convenience function that wraps the containerd image pull func with // retry functionality. // //nolint:gocyclo -func Pull(ctx context.Context, reg config.Registries, client *containerd.Client, ref string, opt ...PullOption) (img containerd.Image, err error) { +func Pull(ctx context.Context, registryBuilder RegistriesBuilder, client *containerd.Client, ref string, opt ...PullOption) (img containerd.Image, err error) { var opts PullOptions for _, o := range opt { @@ -96,9 +99,14 @@ func Pull(ctx context.Context, reg config.Registries, client *containerd.Client, ctx = log.WithLogger(ctx, containerdLogger.WithField("image", ref)) - resolver := NewResolver(reg) - err = retry.Exponential(PullTimeout, retry.WithUnits(PullRetryInterval), retry.WithErrorLogging(true)).RetryWithContext(ctx, func(ctx context.Context) error { + registriesConfig, err := registryBuilder(ctx) + if err != nil { + return fmt.Errorf("failed to get configured registries: %w", err) + } + + resolver := NewResolver(registriesConfig) + if img, err = client.Pull( ctx, ref, diff --git a/internal/pkg/extensions/pull.go b/internal/pkg/extensions/pull.go index 7d5baaa57..a23107011 100644 --- a/internal/pkg/extensions/pull.go +++ b/internal/pkg/extensions/pull.go @@ -48,7 +48,7 @@ func NewPuller(client *containerd.Client) (*Puller, error) { } // PullAndMount pulls the system extension images, unpacks them and mounts under well known path (constants.SystemExtensionsPath). -func (puller *Puller) PullAndMount(ctx context.Context, registryConfig config.Registries, extensions []config.Extension) error { +func (puller *Puller) PullAndMount(ctx context.Context, registriesBuilder image.RegistriesBuilder, extensions []config.Extension) error { snapshotService := puller.client.SnapshotService(defaults.DefaultSnapshotter) for i, ext := range extensions { @@ -61,7 +61,7 @@ func (puller *Puller) PullAndMount(ctx context.Context, registryConfig config.Re var extImg containerd.Image - extImg, err := image.Pull(ctx, registryConfig, puller.client, extensionImage, image.WithSkipIfAlreadyPulled()) + extImg, err := image.Pull(ctx, registriesBuilder, puller.client, extensionImage, image.WithSkipIfAlreadyPulled()) if err != nil { return err } diff --git a/internal/pkg/install/install.go b/internal/pkg/install/install.go index 4e829ca09..1c262e9b6 100644 --- a/internal/pkg/install/install.go +++ b/internal/pkg/install/install.go @@ -33,14 +33,19 @@ import ( machineapi "github.com/siderolabs/talos/pkg/machinery/api/machine" configcore "github.com/siderolabs/talos/pkg/machinery/config" "github.com/siderolabs/talos/pkg/machinery/config/config" - "github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1" "github.com/siderolabs/talos/pkg/machinery/constants" ) // RunInstallerContainer performs an installation via the installer container. // //nolint:gocyclo,cyclop -func RunInstallerContainer(disk, platform, ref string, cfg configcore.Config, cfgContainer configcore.Container, opts ...Option) error { +func RunInstallerContainer( + disk, platform, ref string, + cfg configcore.Config, + cfgContainer configcore.Container, + registryBuilder image.RegistriesBuilder, + opts ...Option, +) error { const containerID = "upgrade" options := DefaultInstallOptions() @@ -51,16 +56,10 @@ func RunInstallerContainer(disk, platform, ref string, cfg configcore.Config, cf } } - var ( - registriesConfig config.Registries - extensionsConfig []config.Extension - ) + var extensionsConfig []config.Extension if cfg != nil && cfg.Machine() != nil { - registriesConfig = cfg.Machine().Registries() extensionsConfig = cfg.Machine().Install().Extensions() - } else { - registriesConfig = &v1alpha1.RegistriesConfig{} } ctx, cancel := context.WithCancel(context.Background()) @@ -89,7 +88,7 @@ func RunInstallerContainer(disk, platform, ref string, cfg configcore.Config, cf if img == nil || err != nil && errdefs.IsNotFound(err) { log.Printf("pulling %q", ref) - img, err = image.Pull(ctx, registriesConfig, client, ref) + img, err = image.Pull(ctx, registryBuilder, client, ref) } if err != nil { @@ -102,7 +101,7 @@ func RunInstallerContainer(disk, platform, ref string, cfg configcore.Config, cf } if extensionsConfig != nil { - if err = puller.PullAndMount(ctx, registriesConfig, extensionsConfig); err != nil { + if err = puller.PullAndMount(ctx, registryBuilder, extensionsConfig); err != nil { return err } } diff --git a/internal/pkg/install/pull.go b/internal/pkg/install/pull.go index 38b495ff8..6ee14aa33 100644 --- a/internal/pkg/install/pull.go +++ b/internal/pkg/install/pull.go @@ -16,14 +16,13 @@ import ( "github.com/containerd/errdefs" "github.com/siderolabs/talos/internal/pkg/containers/image" - "github.com/siderolabs/talos/pkg/machinery/config/config" "github.com/siderolabs/talos/pkg/machinery/constants" ) // PullAndValidateInstallerImage pulls down the installer and validates that it can run. // //nolint:gocyclo -func PullAndValidateInstallerImage(ctx context.Context, reg config.Registries, ref string) error { +func PullAndValidateInstallerImage(ctx context.Context, registryBuilder image.RegistriesBuilder, ref string) error { // Pull down specified installer image early so we can bail if it doesn't exist in the upstream registry containerdctx := namespaces.WithNamespace(ctx, constants.SystemContainerdNamespace) @@ -36,7 +35,7 @@ func PullAndValidateInstallerImage(ctx context.Context, reg config.Registries, r defer client.Close() //nolint:errcheck - img, err := image.Pull(containerdctx, reg, client, ref, image.WithSkipIfAlreadyPulled()) + img, err := image.Pull(containerdctx, registryBuilder, client, ref, image.WithSkipIfAlreadyPulled()) if err != nil { return err } diff --git a/pkg/machinery/api/resource/definitions/cri/cri.pb.go b/pkg/machinery/api/resource/definitions/cri/cri.pb.go index 7920c9c8b..077811ef5 100644 --- a/pkg/machinery/api/resource/definitions/cri/cri.pb.go +++ b/pkg/machinery/api/resource/definitions/cri/cri.pb.go @@ -14,6 +14,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb "google.golang.org/protobuf/types/known/structpb" + common "github.com/siderolabs/talos/pkg/machinery/api/common" enums "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/enums" ) @@ -78,6 +79,308 @@ func (x *ImageCacheConfigSpec) GetRoots() []string { return nil } +// RegistriesConfigSpec describes status of rendered secrets. +type RegistriesConfigSpec struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RegistryMirrors map[string]*RegistryMirrorConfig `protobuf:"bytes,1,rep,name=registry_mirrors,json=registryMirrors,proto3" json:"registry_mirrors,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + RegistryConfig map[string]*RegistryConfig `protobuf:"bytes,2,rep,name=registry_config,json=registryConfig,proto3" json:"registry_config,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *RegistriesConfigSpec) Reset() { + *x = RegistriesConfigSpec{} + mi := &file_resource_definitions_cri_cri_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RegistriesConfigSpec) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegistriesConfigSpec) ProtoMessage() {} + +func (x *RegistriesConfigSpec) ProtoReflect() protoreflect.Message { + mi := &file_resource_definitions_cri_cri_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegistriesConfigSpec.ProtoReflect.Descriptor instead. +func (*RegistriesConfigSpec) Descriptor() ([]byte, []int) { + return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{1} +} + +func (x *RegistriesConfigSpec) GetRegistryMirrors() map[string]*RegistryMirrorConfig { + if x != nil { + return x.RegistryMirrors + } + return nil +} + +func (x *RegistriesConfigSpec) GetRegistryConfig() map[string]*RegistryConfig { + if x != nil { + return x.RegistryConfig + } + return nil +} + +// RegistryAuthConfig specifies authentication configuration for a registry. +type RegistryAuthConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RegistryUsername string `protobuf:"bytes,1,opt,name=registry_username,json=registryUsername,proto3" json:"registry_username,omitempty"` + RegistryPassword string `protobuf:"bytes,2,opt,name=registry_password,json=registryPassword,proto3" json:"registry_password,omitempty"` + RegistryAuth string `protobuf:"bytes,3,opt,name=registry_auth,json=registryAuth,proto3" json:"registry_auth,omitempty"` + RegistryIdentityToken string `protobuf:"bytes,4,opt,name=registry_identity_token,json=registryIdentityToken,proto3" json:"registry_identity_token,omitempty"` +} + +func (x *RegistryAuthConfig) Reset() { + *x = RegistryAuthConfig{} + mi := &file_resource_definitions_cri_cri_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RegistryAuthConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegistryAuthConfig) ProtoMessage() {} + +func (x *RegistryAuthConfig) ProtoReflect() protoreflect.Message { + mi := &file_resource_definitions_cri_cri_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegistryAuthConfig.ProtoReflect.Descriptor instead. +func (*RegistryAuthConfig) Descriptor() ([]byte, []int) { + return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{2} +} + +func (x *RegistryAuthConfig) GetRegistryUsername() string { + if x != nil { + return x.RegistryUsername + } + return "" +} + +func (x *RegistryAuthConfig) GetRegistryPassword() string { + if x != nil { + return x.RegistryPassword + } + return "" +} + +func (x *RegistryAuthConfig) GetRegistryAuth() string { + if x != nil { + return x.RegistryAuth + } + return "" +} + +func (x *RegistryAuthConfig) GetRegistryIdentityToken() string { + if x != nil { + return x.RegistryIdentityToken + } + return "" +} + +// RegistryConfig specifies auth & TLS config per registry. +type RegistryConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RegistryTls *RegistryTLSConfig `protobuf:"bytes,1,opt,name=registry_tls,json=registryTls,proto3" json:"registry_tls,omitempty"` + RegistryAuth *RegistryAuthConfig `protobuf:"bytes,2,opt,name=registry_auth,json=registryAuth,proto3" json:"registry_auth,omitempty"` +} + +func (x *RegistryConfig) Reset() { + *x = RegistryConfig{} + mi := &file_resource_definitions_cri_cri_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RegistryConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegistryConfig) ProtoMessage() {} + +func (x *RegistryConfig) ProtoReflect() protoreflect.Message { + mi := &file_resource_definitions_cri_cri_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegistryConfig.ProtoReflect.Descriptor instead. +func (*RegistryConfig) Descriptor() ([]byte, []int) { + return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{3} +} + +func (x *RegistryConfig) GetRegistryTls() *RegistryTLSConfig { + if x != nil { + return x.RegistryTls + } + return nil +} + +func (x *RegistryConfig) GetRegistryAuth() *RegistryAuthConfig { + if x != nil { + return x.RegistryAuth + } + return nil +} + +// RegistryMirrorConfig represents mirror configuration for a registry. +type RegistryMirrorConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + MirrorEndpoints []string `protobuf:"bytes,1,rep,name=mirror_endpoints,json=mirrorEndpoints,proto3" json:"mirror_endpoints,omitempty"` + MirrorOverridePath bool `protobuf:"varint,2,opt,name=mirror_override_path,json=mirrorOverridePath,proto3" json:"mirror_override_path,omitempty"` + MirrorSkipFallback bool `protobuf:"varint,3,opt,name=mirror_skip_fallback,json=mirrorSkipFallback,proto3" json:"mirror_skip_fallback,omitempty"` +} + +func (x *RegistryMirrorConfig) Reset() { + *x = RegistryMirrorConfig{} + mi := &file_resource_definitions_cri_cri_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RegistryMirrorConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegistryMirrorConfig) ProtoMessage() {} + +func (x *RegistryMirrorConfig) ProtoReflect() protoreflect.Message { + mi := &file_resource_definitions_cri_cri_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegistryMirrorConfig.ProtoReflect.Descriptor instead. +func (*RegistryMirrorConfig) Descriptor() ([]byte, []int) { + return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{4} +} + +func (x *RegistryMirrorConfig) GetMirrorEndpoints() []string { + if x != nil { + return x.MirrorEndpoints + } + return nil +} + +func (x *RegistryMirrorConfig) GetMirrorOverridePath() bool { + if x != nil { + return x.MirrorOverridePath + } + return false +} + +func (x *RegistryMirrorConfig) GetMirrorSkipFallback() bool { + if x != nil { + return x.MirrorSkipFallback + } + return false +} + +// RegistryTLSConfig specifies TLS config for HTTPS registries. +type RegistryTLSConfig struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TlsClientIdentity *common.PEMEncodedCertificateAndKey `protobuf:"bytes,1,opt,name=tls_client_identity,json=tlsClientIdentity,proto3" json:"tls_client_identity,omitempty"` + Tlsca []byte `protobuf:"bytes,2,opt,name=tlsca,proto3" json:"tlsca,omitempty"` + TlsInsecureSkipVerify bool `protobuf:"varint,3,opt,name=tls_insecure_skip_verify,json=tlsInsecureSkipVerify,proto3" json:"tls_insecure_skip_verify,omitempty"` +} + +func (x *RegistryTLSConfig) Reset() { + *x = RegistryTLSConfig{} + mi := &file_resource_definitions_cri_cri_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RegistryTLSConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RegistryTLSConfig) ProtoMessage() {} + +func (x *RegistryTLSConfig) ProtoReflect() protoreflect.Message { + mi := &file_resource_definitions_cri_cri_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RegistryTLSConfig.ProtoReflect.Descriptor instead. +func (*RegistryTLSConfig) Descriptor() ([]byte, []int) { + return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{5} +} + +func (x *RegistryTLSConfig) GetTlsClientIdentity() *common.PEMEncodedCertificateAndKey { + if x != nil { + return x.TlsClientIdentity + } + return nil +} + +func (x *RegistryTLSConfig) GetTlsca() []byte { + if x != nil { + return x.Tlsca + } + return nil +} + +func (x *RegistryTLSConfig) GetTlsInsecureSkipVerify() bool { + if x != nil { + return x.TlsInsecureSkipVerify + } + return false +} + // SeccompProfileSpec represents the SeccompProfile. type SeccompProfileSpec struct { state protoimpl.MessageState @@ -90,7 +393,7 @@ type SeccompProfileSpec struct { func (x *SeccompProfileSpec) Reset() { *x = SeccompProfileSpec{} - mi := &file_resource_definitions_cri_cri_proto_msgTypes[1] + mi := &file_resource_definitions_cri_cri_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -102,7 +405,7 @@ func (x *SeccompProfileSpec) String() string { func (*SeccompProfileSpec) ProtoMessage() {} func (x *SeccompProfileSpec) ProtoReflect() protoreflect.Message { - mi := &file_resource_definitions_cri_cri_proto_msgTypes[1] + mi := &file_resource_definitions_cri_cri_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -115,7 +418,7 @@ func (x *SeccompProfileSpec) ProtoReflect() protoreflect.Message { // Deprecated: Use SeccompProfileSpec.ProtoReflect.Descriptor instead. func (*SeccompProfileSpec) Descriptor() ([]byte, []int) { - return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{1} + return file_resource_definitions_cri_cri_proto_rawDescGZIP(), []int{6} } func (x *SeccompProfileSpec) GetName() string { @@ -139,32 +442,111 @@ var file_resource_definitions_cri_cri_proto_rawDesc = []byte{ 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x63, 0x72, 0x69, 0x2f, 0x63, 0x72, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x63, 0x72, 0x69, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x26, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, - 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2f, 0x65, - 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7b, 0x0a, 0x14, 0x49, 0x6d, - 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x70, - 0x65, 0x63, 0x12, 0x4d, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x2e, 0x63, 0x72, 0x69, 0x1a, 0x13, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6d, + 0x6d, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, + 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x26, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x65, 0x6e, + 0x75, 0x6d, 0x73, 0x2f, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x7b, 0x0a, 0x14, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x4d, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x43, 0x72, 0x69, 0x49, 0x6d, + 0x61, 0x67, 0x65, 0x43, 0x61, 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, + 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x22, 0xec, 0x03, 0x0a, + 0x14, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x69, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x53, 0x70, 0x65, 0x63, 0x12, 0x74, 0x0a, 0x10, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x79, 0x5f, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x49, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, 0x69, + 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x69, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x53, 0x70, 0x65, 0x63, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x4d, 0x69, + 0x72, 0x72, 0x6f, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x79, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x71, 0x0a, 0x0f, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x48, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x63, 0x72, 0x69, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x69, 0x65, 0x73, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x53, 0x70, 0x65, 0x63, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x1a, 0x78, + 0x0a, 0x14, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x4a, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, 0x69, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, + 0x79, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x71, 0x0a, 0x13, 0x52, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x44, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2e, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, + 0x69, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xcb, 0x01, 0x0a, 0x12, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x41, 0x75, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x12, 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x75, + 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x55, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x2b, 0x0a, 0x11, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x73, 0x73, + 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x79, 0x50, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x23, 0x0a, 0x0d, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x41, 0x75, 0x74, + 0x68, 0x12, 0x36, 0x0a, 0x17, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x69, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x15, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x49, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xbf, 0x01, 0x0a, 0x0e, 0x52, 0x65, + 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x54, 0x0a, 0x0c, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, - 0x65, 0x6e, 0x75, 0x6d, 0x73, 0x2e, 0x43, 0x72, 0x69, 0x49, 0x6d, 0x61, 0x67, 0x65, 0x43, 0x61, - 0x63, 0x68, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x14, 0x0a, 0x05, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x05, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x22, 0x57, 0x0a, 0x12, 0x53, 0x65, 0x63, 0x63, 0x6f, - 0x6d, 0x70, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x53, 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x42, 0x70, 0x0a, 0x26, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, 0x69, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, - 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, - 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x63, - 0x72, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x63, 0x72, 0x69, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x54, 0x4c, 0x53, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x54, + 0x6c, 0x73, 0x12, 0x57, 0x0a, 0x0d, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5f, 0x61, + 0x75, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x74, 0x61, 0x6c, 0x6f, + 0x73, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, 0x69, 0x2e, 0x52, 0x65, 0x67, 0x69, 0x73, + 0x74, 0x72, 0x79, 0x41, 0x75, 0x74, 0x68, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0c, 0x72, + 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x41, 0x75, 0x74, 0x68, 0x22, 0xa5, 0x01, 0x0a, 0x14, + 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x12, 0x29, 0x0a, 0x10, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x65, + 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, + 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, + 0x30, 0x0a, 0x14, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, + 0x64, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x6d, + 0x69, 0x72, 0x72, 0x6f, 0x72, 0x4f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x50, 0x61, 0x74, + 0x68, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x73, 0x6b, 0x69, 0x70, + 0x5f, 0x66, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x12, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x53, 0x6b, 0x69, 0x70, 0x46, 0x61, 0x6c, 0x6c, 0x62, + 0x61, 0x63, 0x6b, 0x22, 0xb7, 0x01, 0x0a, 0x11, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, + 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x53, 0x0a, 0x13, 0x74, 0x6c, 0x73, + 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, + 0x50, 0x45, 0x4d, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x6e, 0x64, 0x4b, 0x65, 0x79, 0x52, 0x11, 0x74, 0x6c, 0x73, + 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x74, 0x6c, 0x73, 0x63, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x74, + 0x6c, 0x73, 0x63, 0x61, 0x12, 0x37, 0x0a, 0x18, 0x74, 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x65, + 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x15, 0x74, 0x6c, 0x73, 0x49, 0x6e, 0x73, 0x65, 0x63, + 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x22, 0x57, 0x0a, + 0x12, 0x53, 0x65, 0x63, 0x63, 0x6f, 0x6d, 0x70, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x53, + 0x70, 0x65, 0x63, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x70, 0x0a, 0x26, 0x64, 0x65, 0x76, 0x2e, 0x74, 0x61, + 0x6c, 0x6f, 0x73, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x2e, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, 0x69, + 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x69, 0x64, + 0x65, 0x72, 0x6f, 0x6c, 0x61, 0x62, 0x73, 0x2f, 0x74, 0x61, 0x6c, 0x6f, 0x73, 0x2f, 0x70, 0x6b, + 0x67, 0x2f, 0x6d, 0x61, 0x63, 0x68, 0x69, 0x6e, 0x65, 0x72, 0x79, 0x2f, 0x61, 0x70, 0x69, 0x2f, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2f, 0x64, 0x65, 0x66, 0x69, 0x6e, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x63, 0x72, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -179,21 +561,36 @@ func file_resource_definitions_cri_cri_proto_rawDescGZIP() []byte { return file_resource_definitions_cri_cri_proto_rawDescData } -var file_resource_definitions_cri_cri_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_resource_definitions_cri_cri_proto_msgTypes = make([]protoimpl.MessageInfo, 9) var file_resource_definitions_cri_cri_proto_goTypes = []any{ - (*ImageCacheConfigSpec)(nil), // 0: talos.resource.definitions.cri.ImageCacheConfigSpec - (*SeccompProfileSpec)(nil), // 1: talos.resource.definitions.cri.SeccompProfileSpec - (enums.CriImageCacheStatus)(0), // 2: talos.resource.definitions.enums.CriImageCacheStatus - (*structpb.Struct)(nil), // 3: google.protobuf.Struct + (*ImageCacheConfigSpec)(nil), // 0: talos.resource.definitions.cri.ImageCacheConfigSpec + (*RegistriesConfigSpec)(nil), // 1: talos.resource.definitions.cri.RegistriesConfigSpec + (*RegistryAuthConfig)(nil), // 2: talos.resource.definitions.cri.RegistryAuthConfig + (*RegistryConfig)(nil), // 3: talos.resource.definitions.cri.RegistryConfig + (*RegistryMirrorConfig)(nil), // 4: talos.resource.definitions.cri.RegistryMirrorConfig + (*RegistryTLSConfig)(nil), // 5: talos.resource.definitions.cri.RegistryTLSConfig + (*SeccompProfileSpec)(nil), // 6: talos.resource.definitions.cri.SeccompProfileSpec + nil, // 7: talos.resource.definitions.cri.RegistriesConfigSpec.RegistryMirrorsEntry + nil, // 8: talos.resource.definitions.cri.RegistriesConfigSpec.RegistryConfigEntry + (enums.CriImageCacheStatus)(0), // 9: talos.resource.definitions.enums.CriImageCacheStatus + (*common.PEMEncodedCertificateAndKey)(nil), // 10: common.PEMEncodedCertificateAndKey + (*structpb.Struct)(nil), // 11: google.protobuf.Struct } var file_resource_definitions_cri_cri_proto_depIdxs = []int32{ - 2, // 0: talos.resource.definitions.cri.ImageCacheConfigSpec.status:type_name -> talos.resource.definitions.enums.CriImageCacheStatus - 3, // 1: talos.resource.definitions.cri.SeccompProfileSpec.value:type_name -> google.protobuf.Struct - 2, // [2:2] is the sub-list for method output_type - 2, // [2:2] is the sub-list for method input_type - 2, // [2:2] is the sub-list for extension type_name - 2, // [2:2] is the sub-list for extension extendee - 0, // [0:2] is the sub-list for field type_name + 9, // 0: talos.resource.definitions.cri.ImageCacheConfigSpec.status:type_name -> talos.resource.definitions.enums.CriImageCacheStatus + 7, // 1: talos.resource.definitions.cri.RegistriesConfigSpec.registry_mirrors:type_name -> talos.resource.definitions.cri.RegistriesConfigSpec.RegistryMirrorsEntry + 8, // 2: talos.resource.definitions.cri.RegistriesConfigSpec.registry_config:type_name -> talos.resource.definitions.cri.RegistriesConfigSpec.RegistryConfigEntry + 5, // 3: talos.resource.definitions.cri.RegistryConfig.registry_tls:type_name -> talos.resource.definitions.cri.RegistryTLSConfig + 2, // 4: talos.resource.definitions.cri.RegistryConfig.registry_auth:type_name -> talos.resource.definitions.cri.RegistryAuthConfig + 10, // 5: talos.resource.definitions.cri.RegistryTLSConfig.tls_client_identity:type_name -> common.PEMEncodedCertificateAndKey + 11, // 6: talos.resource.definitions.cri.SeccompProfileSpec.value:type_name -> google.protobuf.Struct + 4, // 7: talos.resource.definitions.cri.RegistriesConfigSpec.RegistryMirrorsEntry.value:type_name -> talos.resource.definitions.cri.RegistryMirrorConfig + 3, // 8: talos.resource.definitions.cri.RegistriesConfigSpec.RegistryConfigEntry.value:type_name -> talos.resource.definitions.cri.RegistryConfig + 9, // [9:9] is the sub-list for method output_type + 9, // [9:9] is the sub-list for method input_type + 9, // [9:9] is the sub-list for extension type_name + 9, // [9:9] is the sub-list for extension extendee + 0, // [0:9] is the sub-list for field type_name } func init() { file_resource_definitions_cri_cri_proto_init() } @@ -207,7 +604,7 @@ func file_resource_definitions_cri_cri_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_resource_definitions_cri_cri_proto_rawDesc, NumEnums: 0, - NumMessages: 2, + NumMessages: 9, NumExtensions: 0, NumServices: 0, }, diff --git a/pkg/machinery/api/resource/definitions/cri/cri_vtproto.pb.go b/pkg/machinery/api/resource/definitions/cri/cri_vtproto.pb.go index 1cbcc2cbf..660742fee 100644 --- a/pkg/machinery/api/resource/definitions/cri/cri_vtproto.pb.go +++ b/pkg/machinery/api/resource/definitions/cri/cri_vtproto.pb.go @@ -10,9 +10,11 @@ import ( protohelpers "github.com/planetscale/vtprotobuf/protohelpers" structpb "github.com/planetscale/vtprotobuf/types/known/structpb" + proto "google.golang.org/protobuf/proto" protoimpl "google.golang.org/protobuf/runtime/protoimpl" structpb1 "google.golang.org/protobuf/types/known/structpb" + common "github.com/siderolabs/talos/pkg/machinery/api/common" enums "github.com/siderolabs/talos/pkg/machinery/api/resource/definitions/enums" ) @@ -70,6 +72,331 @@ func (m *ImageCacheConfigSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) return len(dAtA) - i, nil } +func (m *RegistriesConfigSpec) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RegistriesConfigSpec) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *RegistriesConfigSpec) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.RegistryConfig) > 0 { + for k := range m.RegistryConfig { + v := m.RegistryConfig[k] + baseI := i + size, err := v.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = protohelpers.EncodeVarint(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x12 + } + } + if len(m.RegistryMirrors) > 0 { + for k := range m.RegistryMirrors { + v := m.RegistryMirrors[k] + baseI := i + size, err := v.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = protohelpers.EncodeVarint(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *RegistryAuthConfig) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RegistryAuthConfig) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *RegistryAuthConfig) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.RegistryIdentityToken) > 0 { + i -= len(m.RegistryIdentityToken) + copy(dAtA[i:], m.RegistryIdentityToken) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.RegistryIdentityToken))) + i-- + dAtA[i] = 0x22 + } + if len(m.RegistryAuth) > 0 { + i -= len(m.RegistryAuth) + copy(dAtA[i:], m.RegistryAuth) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.RegistryAuth))) + i-- + dAtA[i] = 0x1a + } + if len(m.RegistryPassword) > 0 { + i -= len(m.RegistryPassword) + copy(dAtA[i:], m.RegistryPassword) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.RegistryPassword))) + i-- + dAtA[i] = 0x12 + } + if len(m.RegistryUsername) > 0 { + i -= len(m.RegistryUsername) + copy(dAtA[i:], m.RegistryUsername) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.RegistryUsername))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *RegistryConfig) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RegistryConfig) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *RegistryConfig) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.RegistryAuth != nil { + size, err := m.RegistryAuth.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + } + if m.RegistryTls != nil { + size, err := m.RegistryTls.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *RegistryMirrorConfig) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RegistryMirrorConfig) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *RegistryMirrorConfig) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.MirrorSkipFallback { + i-- + if m.MirrorSkipFallback { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } + if m.MirrorOverridePath { + i-- + if m.MirrorOverridePath { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x10 + } + if len(m.MirrorEndpoints) > 0 { + for iNdEx := len(m.MirrorEndpoints) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.MirrorEndpoints[iNdEx]) + copy(dAtA[i:], m.MirrorEndpoints[iNdEx]) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.MirrorEndpoints[iNdEx]))) + i-- + dAtA[i] = 0xa + } + } + return len(dAtA) - i, nil +} + +func (m *RegistryTLSConfig) MarshalVT() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVT(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *RegistryTLSConfig) MarshalToVT(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVT(dAtA[:size]) +} + +func (m *RegistryTLSConfig) MarshalToSizedBufferVT(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.TlsInsecureSkipVerify { + i-- + if m.TlsInsecureSkipVerify { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x18 + } + if len(m.Tlsca) > 0 { + i -= len(m.Tlsca) + copy(dAtA[i:], m.Tlsca) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Tlsca))) + i-- + dAtA[i] = 0x12 + } + if m.TlsClientIdentity != nil { + if vtmsg, ok := interface{}(m.TlsClientIdentity).(interface { + MarshalToSizedBufferVT([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVT(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.TlsClientIdentity) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *SeccompProfileSpec) MarshalVT() (dAtA []byte, err error) { if m == nil { return nil, nil @@ -139,6 +466,135 @@ func (m *ImageCacheConfigSpec) SizeVT() (n int) { return n } +func (m *RegistriesConfigSpec) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.RegistryMirrors) > 0 { + for k, v := range m.RegistryMirrors { + _ = k + _ = v + l = 0 + if v != nil { + l = v.SizeVT() + } + l += 1 + protohelpers.SizeOfVarint(uint64(l)) + mapEntrySize := 1 + len(k) + protohelpers.SizeOfVarint(uint64(len(k))) + l + n += mapEntrySize + 1 + protohelpers.SizeOfVarint(uint64(mapEntrySize)) + } + } + if len(m.RegistryConfig) > 0 { + for k, v := range m.RegistryConfig { + _ = k + _ = v + l = 0 + if v != nil { + l = v.SizeVT() + } + l += 1 + protohelpers.SizeOfVarint(uint64(l)) + mapEntrySize := 1 + len(k) + protohelpers.SizeOfVarint(uint64(len(k))) + l + n += mapEntrySize + 1 + protohelpers.SizeOfVarint(uint64(mapEntrySize)) + } + } + n += len(m.unknownFields) + return n +} + +func (m *RegistryAuthConfig) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.RegistryUsername) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.RegistryPassword) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.RegistryAuth) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.RegistryIdentityToken) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *RegistryConfig) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.RegistryTls != nil { + l = m.RegistryTls.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.RegistryAuth != nil { + l = m.RegistryAuth.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *RegistryMirrorConfig) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.MirrorEndpoints) > 0 { + for _, s := range m.MirrorEndpoints { + l = len(s) + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + if m.MirrorOverridePath { + n += 2 + } + if m.MirrorSkipFallback { + n += 2 + } + n += len(m.unknownFields) + return n +} + +func (m *RegistryTLSConfig) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.TlsClientIdentity != nil { + if size, ok := interface{}(m.TlsClientIdentity).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.TlsClientIdentity) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Tlsca) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.TlsInsecureSkipVerify { + n += 2 + } + n += len(m.unknownFields) + return n +} + func (m *SeccompProfileSpec) SizeVT() (n int) { if m == nil { return 0 @@ -259,6 +715,889 @@ func (m *ImageCacheConfigSpec) UnmarshalVT(dAtA []byte) error { } return nil } +func (m *RegistriesConfigSpec) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RegistriesConfigSpec: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RegistriesConfigSpec: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryMirrors", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.RegistryMirrors == nil { + m.RegistryMirrors = make(map[string]*RegistryMirrorConfig) + } + var mapkey string + var mapvalue *RegistryMirrorConfig + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return protohelpers.ErrInvalidLength + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return protohelpers.ErrInvalidLength + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapmsglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapmsglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if mapmsglen < 0 { + return protohelpers.ErrInvalidLength + } + postmsgIndex := iNdEx + mapmsglen + if postmsgIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postmsgIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = &RegistryMirrorConfig{} + if err := mapvalue.UnmarshalVT(dAtA[iNdEx:postmsgIndex]); err != nil { + return err + } + iNdEx = postmsgIndex + } else { + iNdEx = entryPreIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.RegistryMirrors[mapkey] = mapvalue + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryConfig", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.RegistryConfig == nil { + m.RegistryConfig = make(map[string]*RegistryConfig) + } + var mapkey string + var mapvalue *RegistryConfig + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return protohelpers.ErrInvalidLength + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey < 0 { + return protohelpers.ErrInvalidLength + } + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var mapmsglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + mapmsglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if mapmsglen < 0 { + return protohelpers.ErrInvalidLength + } + postmsgIndex := iNdEx + mapmsglen + if postmsgIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postmsgIndex > l { + return io.ErrUnexpectedEOF + } + mapvalue = &RegistryConfig{} + if err := mapvalue.UnmarshalVT(dAtA[iNdEx:postmsgIndex]); err != nil { + return err + } + iNdEx = postmsgIndex + } else { + iNdEx = entryPreIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.RegistryConfig[mapkey] = mapvalue + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RegistryAuthConfig) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RegistryAuthConfig: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RegistryAuthConfig: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryUsername", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RegistryUsername = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryPassword", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RegistryPassword = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryAuth", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RegistryAuth = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryIdentityToken", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RegistryIdentityToken = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RegistryConfig) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RegistryConfig: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RegistryConfig: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryTls", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.RegistryTls == nil { + m.RegistryTls = &RegistryTLSConfig{} + } + if err := m.RegistryTls.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RegistryAuth", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.RegistryAuth == nil { + m.RegistryAuth = &RegistryAuthConfig{} + } + if err := m.RegistryAuth.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RegistryMirrorConfig) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RegistryMirrorConfig: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RegistryMirrorConfig: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MirrorEndpoints", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.MirrorEndpoints = append(m.MirrorEndpoints, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 2: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MirrorOverridePath", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.MirrorOverridePath = bool(v != 0) + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field MirrorSkipFallback", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.MirrorSkipFallback = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *RegistryTLSConfig) UnmarshalVT(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: RegistryTLSConfig: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: RegistryTLSConfig: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TlsClientIdentity", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.TlsClientIdentity == nil { + m.TlsClientIdentity = &common.PEMEncodedCertificateAndKey{} + } + if unmarshal, ok := interface{}(m.TlsClientIdentity).(interface { + UnmarshalVT([]byte) error + }); ok { + if err := unmarshal.UnmarshalVT(dAtA[iNdEx:postIndex]); err != nil { + return err + } + } else { + if err := proto.Unmarshal(dAtA[iNdEx:postIndex], m.TlsClientIdentity); err != nil { + return err + } + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Tlsca", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return protohelpers.ErrInvalidLength + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return protohelpers.ErrInvalidLength + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Tlsca = append(m.Tlsca[:0], dAtA[iNdEx:postIndex]...) + if m.Tlsca == nil { + m.Tlsca = []byte{} + } + iNdEx = postIndex + case 3: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field TlsInsecureSkipVerify", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return protohelpers.ErrIntOverflow + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.TlsInsecureSkipVerify = bool(v != 0) + default: + iNdEx = preIndex + skippy, err := protohelpers.Skip(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return protohelpers.ErrInvalidLength + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.unknownFields = append(m.unknownFields, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *SeccompProfileSpec) UnmarshalVT(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go b/pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go index 4e7324e28..fb16da821 100644 --- a/pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go +++ b/pkg/machinery/config/types/v1alpha1/v1alpha1_provider.go @@ -16,7 +16,7 @@ import ( "github.com/google/cel-go/common/ast" "github.com/google/cel-go/common/operators" "github.com/google/cel-go/common/types" - specs "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/runtime-spec/specs-go" "github.com/siderolabs/crypto/x509" "github.com/siderolabs/gen/xslices" "github.com/siderolabs/go-blockdevice/v2/encryption" diff --git a/pkg/machinery/resources/cri/cri.go b/pkg/machinery/resources/cri/cri.go index 9f15aedfa..5fe06b294 100644 --- a/pkg/machinery/resources/cri/cri.go +++ b/pkg/machinery/resources/cri/cri.go @@ -5,11 +5,51 @@ // Package cri contains resources related to the Container Runtime Interface (CRI). package cri -import "github.com/cosi-project/runtime/pkg/resource" +import ( + "context" + "fmt" -//go:generate deep-copy -type ImageCacheConfigSpec -type SeccompProfileSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go . + "github.com/cosi-project/runtime/pkg/resource" + "github.com/cosi-project/runtime/pkg/safe" + "github.com/cosi-project/runtime/pkg/state" + + "github.com/siderolabs/talos/pkg/machinery/config/config" +) + +//go:generate deep-copy -type RegistriesConfigSpec -type ImageCacheConfigSpec -type SeccompProfileSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go . //go:generate enumer -type=ImageCacheStatus -linecomment -text // NamespaceName contains resources related to stats. const NamespaceName resource.Namespace = "cri" + +// RegistryBuilder implements image.RegistriesBuilder. +func RegistryBuilder(st state.State) func(ctx context.Context) (config.Registries, error) { + return func(ctx context.Context) (config.Registries, error) { + regs, err := safe.StateWatchFor[*RegistriesConfig](ctx, st, NewRegistriesConfig().Metadata(), state.WithEventTypes(state.Created, state.Updated)) + if err != nil { + return nil, err + } + + return regs.TypedSpec(), nil + } +} + +// WaitForImageCache waits for the image cache config to be either disabled or ready. +func WaitForImageCache(ctx context.Context, st state.State) error { + _, err := st.WatchFor(ctx, NewImageCacheConfig().Metadata(), + state.WithEventTypes(state.Created, state.Updated), + state.WithCondition(func(r resource.Resource) (bool, error) { + imageCacheConfig, ok := r.(*ImageCacheConfig) + if !ok { + return false, fmt.Errorf("unexpected resource type: %T", r) + } + + s := imageCacheConfig.TypedSpec().Status + + return s == ImageCacheStatusDisabled || s == ImageCacheStatusReady, nil + }), + ) + + return err +} diff --git a/pkg/machinery/resources/cri/cri_test.go b/pkg/machinery/resources/cri/cri_test.go index 61d5399e8..7566de93a 100644 --- a/pkg/machinery/resources/cri/cri_test.go +++ b/pkg/machinery/resources/cri/cri_test.go @@ -27,6 +27,7 @@ func TestRegisterResource(t *testing.T) { for _, resource := range []meta.ResourceWithRD{ &cri.ImageCacheConfig{}, &cri.SeccompProfile{}, + &cri.RegistriesConfig{}, } { assert.NoError(t, resourceRegistry.Register(ctx, resource)) } diff --git a/pkg/machinery/resources/cri/deep_copy.generated.go b/pkg/machinery/resources/cri/deep_copy.generated.go index e131a52ad..ca3de5bc4 100644 --- a/pkg/machinery/resources/cri/deep_copy.generated.go +++ b/pkg/machinery/resources/cri/deep_copy.generated.go @@ -2,10 +2,66 @@ // License, v. 2.0. If a copy of the MPL was not distributed with this // file, You can obtain one at http://mozilla.org/MPL/2.0/. -// Code generated by "deep-copy -type ImageCacheConfigSpec -type SeccompProfileSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go ."; DO NOT EDIT. +// Code generated by "deep-copy -type RegistriesConfigSpec -type ImageCacheConfigSpec -type SeccompProfileSpec -header-file ../../../../hack/boilerplate.txt -o deep_copy.generated.go ."; DO NOT EDIT. package cri +// DeepCopy generates a deep copy of RegistriesConfigSpec. +func (o RegistriesConfigSpec) DeepCopy() RegistriesConfigSpec { + var cp RegistriesConfigSpec = o + if o.RegistryMirrors != nil { + cp.RegistryMirrors = make(map[string]*RegistryMirrorConfig, len(o.RegistryMirrors)) + for k2, v2 := range o.RegistryMirrors { + var cp_RegistryMirrors_v2 *RegistryMirrorConfig + if v2 != nil { + cp_RegistryMirrors_v2 = new(RegistryMirrorConfig) + *cp_RegistryMirrors_v2 = *v2 + if v2.MirrorEndpoints != nil { + cp_RegistryMirrors_v2.MirrorEndpoints = make([]string, len(v2.MirrorEndpoints)) + copy(cp_RegistryMirrors_v2.MirrorEndpoints, v2.MirrorEndpoints) + } + if v2.MirrorOverridePath != nil { + cp_RegistryMirrors_v2.MirrorOverridePath = new(bool) + *cp_RegistryMirrors_v2.MirrorOverridePath = *v2.MirrorOverridePath + } + if v2.MirrorSkipFallback != nil { + cp_RegistryMirrors_v2.MirrorSkipFallback = new(bool) + *cp_RegistryMirrors_v2.MirrorSkipFallback = *v2.MirrorSkipFallback + } + } + cp.RegistryMirrors[k2] = cp_RegistryMirrors_v2 + } + } + if o.RegistryConfig != nil { + cp.RegistryConfig = make(map[string]*RegistryConfig, len(o.RegistryConfig)) + for k2, v2 := range o.RegistryConfig { + var cp_RegistryConfig_v2 *RegistryConfig + if v2 != nil { + cp_RegistryConfig_v2 = new(RegistryConfig) + *cp_RegistryConfig_v2 = *v2 + if v2.RegistryTLS != nil { + cp_RegistryConfig_v2.RegistryTLS = new(RegistryTLSConfig) + *cp_RegistryConfig_v2.RegistryTLS = *v2.RegistryTLS + if v2.RegistryTLS.TLSClientIdentity != nil { + cp_RegistryConfig_v2.RegistryTLS.TLSClientIdentity = v2.RegistryTLS.TLSClientIdentity.DeepCopy() + } + cp_RegistryConfig_v2.RegistryTLS.TLSCA = v2.RegistryTLS.TLSCA.DeepCopy() + if v2.RegistryTLS.TLSInsecureSkipVerify != nil { + cp_RegistryConfig_v2.RegistryTLS.TLSInsecureSkipVerify = new(bool) + *cp_RegistryConfig_v2.RegistryTLS.TLSInsecureSkipVerify = *v2.RegistryTLS.TLSInsecureSkipVerify + } + } + if v2.RegistryAuth != nil { + cp_RegistryConfig_v2.RegistryAuth = new(RegistryAuthConfig) + *cp_RegistryConfig_v2.RegistryAuth = *v2.RegistryAuth + } + } + cp.RegistryConfig[k2] = cp_RegistryConfig_v2 + } + } + return cp +} + // DeepCopy generates a deep copy of ImageCacheConfigSpec. func (o ImageCacheConfigSpec) DeepCopy() ImageCacheConfigSpec { var cp ImageCacheConfigSpec = o diff --git a/pkg/machinery/resources/cri/registries_config.go b/pkg/machinery/resources/cri/registries_config.go new file mode 100644 index 000000000..98d2a20e2 --- /dev/null +++ b/pkg/machinery/resources/cri/registries_config.go @@ -0,0 +1,140 @@ +// This Source Code Form is subject to the terms of the Mozilla Public +// License, v. 2.0. If a copy of the MPL was not distributed with this +// file, You can obtain one at http://mozilla.org/MPL/2.0/. + +package cri + +import ( + "github.com/cosi-project/runtime/pkg/resource" + "github.com/cosi-project/runtime/pkg/resource/meta" + "github.com/cosi-project/runtime/pkg/resource/protobuf" + "github.com/cosi-project/runtime/pkg/resource/typed" + "github.com/siderolabs/crypto/x509" + + config2 "github.com/siderolabs/talos/pkg/machinery/config/config" + "github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1" + "github.com/siderolabs/talos/pkg/machinery/proto" +) + +// RegistriesConfigType is type of RegistriesConfig resource. +const RegistriesConfigType = resource.Type("RegistryConfigs.cri.talos.dev") + +// RegistriesConfigID is the singleton resource ID. +const RegistriesConfigID resource.ID = "registries" + +// RegistriesConfig resource holds info about container registries. +type RegistriesConfig = typed.Resource[RegistriesConfigSpec, RegistriesConfigExtension] + +// RegistriesConfigSpec describes status of rendered secrets. +// +//gotagsrewrite:gen +type RegistriesConfigSpec struct { + RegistryMirrors map[string]*RegistryMirrorConfig `yaml:"mirrors,omitempty" protobuf:"1"` + RegistryConfig map[string]*RegistryConfig `yaml:"config,omitempty" protobuf:"2"` +} + +// Mirrors implements the Registries interface. +func (r RegistriesConfigSpec) Mirrors() map[string]config2.RegistryMirrorConfig { + mirrors := make(map[string]config2.RegistryMirrorConfig, len(r.RegistryMirrors)) + + for k, v := range r.RegistryMirrors { + mirrors[k] = (*v1alpha1.RegistryMirrorConfig)(v) + } + + return mirrors +} + +// Config implements the Registries interface. +func (r RegistriesConfigSpec) Config() map[string]config2.RegistryConfig { + registries := make(map[string]config2.RegistryConfig, len(r.RegistryConfig)) + + for k, v := range r.RegistryConfig { + registries[k] = v + } + + return registries +} + +// RegistryMirrorConfig represents mirror configuration for a registry. +// +//gotagsrewrite:gen +type RegistryMirrorConfig struct { + MirrorEndpoints []string `yaml:"endpoints" protobuf:"1"` + MirrorOverridePath *bool `yaml:"overridePath,omitempty" protobuf:"2"` + MirrorSkipFallback *bool `yaml:"skipFallback,omitempty" protobuf:"3"` +} + +// RegistryConfig specifies auth & TLS config per registry. +// +//gotagsrewrite:gen +type RegistryConfig struct { + RegistryTLS *RegistryTLSConfig `yaml:"tls,omitempty" protobuf:"1"` + RegistryAuth *RegistryAuthConfig `yaml:"auth,omitempty" protobuf:"2"` +} + +// TLS implements the Registries interface. +func (c *RegistryConfig) TLS() config2.RegistryTLSConfig { + if c.RegistryTLS == nil { + return nil + } + + return (*v1alpha1.RegistryTLSConfig)(c.RegistryTLS) +} + +// Auth implements the Registries interface. +func (c *RegistryConfig) Auth() config2.RegistryAuthConfig { + if c.RegistryAuth == nil { + return nil + } + + return (*v1alpha1.RegistryAuthConfig)(c.RegistryAuth) +} + +// RegistryAuthConfig specifies authentication configuration for a registry. +// +//gotagsrewrite:gen +type RegistryAuthConfig struct { + RegistryUsername string `yaml:"username,omitempty" protobuf:"1"` + RegistryPassword string `yaml:"password,omitempty" protobuf:"2"` + RegistryAuth string `yaml:"auth,omitempty" protobuf:"3"` + RegistryIdentityToken string `yaml:"identityToken,omitempty" protobuf:"4"` +} + +// RegistryTLSConfig specifies TLS config for HTTPS registries. +// +//gotagsrewrite:gen +type RegistryTLSConfig struct { + TLSClientIdentity *x509.PEMEncodedCertificateAndKey `yaml:"clientIdentity,omitempty" protobuf:"1"` + TLSCA v1alpha1.Base64Bytes `yaml:"ca,omitempty" protobuf:"2"` + TLSInsecureSkipVerify *bool `yaml:"insecureSkipVerify,omitempty" protobuf:"3"` +} + +// NewRegistriesConfig initializes a RegistriesConfig resource. +func NewRegistriesConfig() *RegistriesConfig { + return typed.NewResource[RegistriesConfigSpec, RegistriesConfigExtension]( + resource.NewMetadata(NamespaceName, RegistriesConfigType, RegistriesConfigID, resource.VersionUndefined), + RegistriesConfigSpec{}, + ) +} + +// RegistriesConfigExtension provides auxiliary methods for RegistriesConfig. +type RegistriesConfigExtension struct{} + +// ResourceDefinition implements [typed.Extension] interface. +func (RegistriesConfigExtension) ResourceDefinition() meta.ResourceDefinitionSpec { + return meta.ResourceDefinitionSpec{ + Type: RegistriesConfigType, + Aliases: []resource.Type{}, + DefaultNamespace: NamespaceName, + PrintColumns: []meta.PrintColumn{}, + } +} + +func init() { + proto.RegisterDefaultTypes() + + err := protobuf.RegisterDynamic[RegistriesConfigSpec](RegistriesConfigType, &RegistriesConfig{}) + if err != nil { + panic(err) + } +} diff --git a/website/content/v1.9/reference/api.md b/website/content/v1.9/reference/api.md index 2c5ea5bf6..2b0066d5b 100644 --- a/website/content/v1.9/reference/api.md +++ b/website/content/v1.9/reference/api.md @@ -56,6 +56,13 @@ description: Talos gRPC API reference. - [resource/definitions/cri/cri.proto](#resource/definitions/cri/cri.proto) - [ImageCacheConfigSpec](#talos.resource.definitions.cri.ImageCacheConfigSpec) + - [RegistriesConfigSpec](#talos.resource.definitions.cri.RegistriesConfigSpec) + - [RegistriesConfigSpec.RegistryConfigEntry](#talos.resource.definitions.cri.RegistriesConfigSpec.RegistryConfigEntry) + - [RegistriesConfigSpec.RegistryMirrorsEntry](#talos.resource.definitions.cri.RegistriesConfigSpec.RegistryMirrorsEntry) + - [RegistryAuthConfig](#talos.resource.definitions.cri.RegistryAuthConfig) + - [RegistryConfig](#talos.resource.definitions.cri.RegistryConfig) + - [RegistryMirrorConfig](#talos.resource.definitions.cri.RegistryMirrorConfig) + - [RegistryTLSConfig](#talos.resource.definitions.cri.RegistryTLSConfig) - [SeccompProfileSpec](#talos.resource.definitions.cri.SeccompProfileSpec) - [resource/definitions/enums/enums.proto](#resource/definitions/enums/enums.proto) @@ -1306,6 +1313,122 @@ ImageCacheConfigSpec represents the ImageCacheConfig. + + +### RegistriesConfigSpec +RegistriesConfigSpec describes status of rendered secrets. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| registry_mirrors | [RegistriesConfigSpec.RegistryMirrorsEntry](#talos.resource.definitions.cri.RegistriesConfigSpec.RegistryMirrorsEntry) | repeated | | +| registry_config | [RegistriesConfigSpec.RegistryConfigEntry](#talos.resource.definitions.cri.RegistriesConfigSpec.RegistryConfigEntry) | repeated | | + + + + + + + + +### RegistriesConfigSpec.RegistryConfigEntry + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| key | [string](#string) | | | +| value | [RegistryConfig](#talos.resource.definitions.cri.RegistryConfig) | | | + + + + + + + + +### RegistriesConfigSpec.RegistryMirrorsEntry + + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| key | [string](#string) | | | +| value | [RegistryMirrorConfig](#talos.resource.definitions.cri.RegistryMirrorConfig) | | | + + + + + + + + +### RegistryAuthConfig +RegistryAuthConfig specifies authentication configuration for a registry. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| registry_username | [string](#string) | | | +| registry_password | [string](#string) | | | +| registry_auth | [string](#string) | | | +| registry_identity_token | [string](#string) | | | + + + + + + + + +### RegistryConfig +RegistryConfig specifies auth & TLS config per registry. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| registry_tls | [RegistryTLSConfig](#talos.resource.definitions.cri.RegistryTLSConfig) | | | +| registry_auth | [RegistryAuthConfig](#talos.resource.definitions.cri.RegistryAuthConfig) | | | + + + + + + + + +### RegistryMirrorConfig +RegistryMirrorConfig represents mirror configuration for a registry. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| mirror_endpoints | [string](#string) | repeated | | +| mirror_override_path | [bool](#bool) | | | +| mirror_skip_fallback | [bool](#bool) | | | + + + + + + + + +### RegistryTLSConfig +RegistryTLSConfig specifies TLS config for HTTPS registries. + + +| Field | Type | Label | Description | +| ----- | ---- | ----- | ----------- | +| tls_client_identity | [common.PEMEncodedCertificateAndKey](#common.PEMEncodedCertificateAndKey) | | | +| tlsca | [bytes](#bytes) | | | +| tls_insecure_skip_verify | [bool](#bool) | | | + + + + + + ### SeccompProfileSpec