diff --git a/CHANGELOG.md b/CHANGELOG.md
index 840d0a6a..95933702 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
+### Added
+
+- Add `components.containerd` to the schema and values.
+
## [0.64.0] - 2024-12-11
### Changed
diff --git a/helm/cluster-cloud-director/README.md b/helm/cluster-cloud-director/README.md
index 19680e7f..b6ed1568 100644
--- a/helm/cluster-cloud-director/README.md
+++ b/helm/cluster-cloud-director/README.md
@@ -16,6 +16,32 @@ Properties within the `.internal` top-level object
| `internal.skipRde` | **Skip RDE** - Set to true if the API schema extension is installed in the correct version in VCD to create CAPVCD entities in the API. Set to false otherwise.|**Type:** `boolean`
|
| `internal.useAsManagementCluster` | **Display as management cluster**|**Type:** `boolean`
**Default:** `false`|
+### Components
+Properties within the `.global.components` object
+Advanced configuration of components that are running on all nodes.
+
+| **Property** | **Description** | **More Details** |
+| :----------- | :-------------- | :--------------- |
+| `global.components.containerd` | **Containerd** - Configuration of containerd.|**Type:** `object`
|
+| `global.components.containerd.containerRegistries` | **Container registries** - Endpoints and credentials configuration for container registries.|**Type:** `object`
**Default:** `{}`|
+| `global.components.containerd.containerRegistries.*` | **Registries** - Container registries and mirrors|**Type:** `array`
|
+| `global.components.containerd.containerRegistries.*[*]` | **Registry**|**Type:** `object`
|
+| `global.components.containerd.containerRegistries.*[*].credentials` | **Credentials**|**Type:** `object`
|
+| `global.components.containerd.containerRegistries.*[*].credentials.auth` | **Auth** - Base64-encoded string from the concatenation of the username, a colon, and the password.|**Type:** `string`
|
+| `global.components.containerd.containerRegistries.*[*].credentials.identitytoken` | **Identity token** - Used to authenticate the user and obtain an access token for the registry.|**Type:** `string`
|
+| `global.components.containerd.containerRegistries.*[*].credentials.password` | **Password** - Used to authenticate for the registry with username/password.|**Type:** `string`
|
+| `global.components.containerd.containerRegistries.*[*].credentials.username` | **Username** - Used to authenticate for the registry with username/password.|**Type:** `string`
|
+| `global.components.containerd.containerRegistries.*[*].endpoint` | **Endpoint** - Endpoint for the container registry.|**Type:** `string`
|
+| `global.components.containerd.localRegistryCache` | **Local registry caches configuration** - Enable local cache via http://127.0.0.1:.|**Type:** `object`
|
+| `global.components.containerd.localRegistryCache.enabled` | **Enable local registry caches** - Flag to enable local registry cache.|**Type:** `boolean`
**Default:** `false`|
+| `global.components.containerd.localRegistryCache.mirroredRegistries` | **Registries to cache locally** - A list of registries that should be cached.|**Type:** `array`
**Default:** `[]`|
+| `global.components.containerd.localRegistryCache.mirroredRegistries[*]` |**None**|**Type:** `string`
|
+| `global.components.containerd.localRegistryCache.port` | **Local port for the registry cache** - Port for the local registry cache under: http://127.0.0.1:.|**Type:** `integer`
**Default:** `32767`|
+| `global.components.containerd.managementClusterRegistryCache` | **Management cluster registry cache** - Caching container registry on a management cluster level.|**Type:** `object`
|
+| `global.components.containerd.managementClusterRegistryCache.enabled` | **Enabled** - Enabling this will configure containerd to use management cluster's Zot registry service. To make use of it as a pull-through cache, you also have to specify registries to cache images for.|**Type:** `boolean`
**Default:** `true`|
+| `global.components.containerd.managementClusterRegistryCache.mirroredRegistries` | **Registries to cache** - Here you must specify each registry to cache container images for. Please also make sure to have an entry for each registry in Global > Components > Containerd > Container registries.|**Type:** `array`
**Default:** `[]`|
+| `global.components.containerd.managementClusterRegistryCache.mirroredRegistries[*]` |**None**|**Type:** `string`
|
+
### Connectivity
Properties within the `.connectivity` top-level object
Configurations related to cluster connectivity such as container registries.
diff --git a/helm/cluster-cloud-director/ci/test-multiple-mirrors-with-auth-and-local-caching.yaml b/helm/cluster-cloud-director/ci/test-multiple-mirrors-with-auth-and-local-caching.yaml
index 7abfa1e9..4fe590de 100644
--- a/helm/cluster-cloud-director/ci/test-multiple-mirrors-with-auth-and-local-caching.yaml
+++ b/helm/cluster-cloud-director/ci/test-multiple-mirrors-with-auth-and-local-caching.yaml
@@ -1,25 +1,27 @@
global:
+ components:
+ containerd:
+ containerRegistries:
+ gsoci.azurecr.io:
+ - endpoint: zot-test-1.golem.gaws.gigantic.io
+ credentials:
+ username: example
+ password: xxxxx
+ gsociprivate.azurecr.io:
+ - endpoint: zot-test-2.golem.gaws.gigantic.io
+ credentials:
+ username: example
+ password: yyyyy
+ localRegistryCache:
+ enabled: true
+ mirroredRegistries:
+ - gsoci.azurecr.io
+ - gsociprivate.azurecr.io
connectivity:
network:
loadBalancers:
vipSubnet: 10.205.9.254/24
baseDomain: "test.gigantic.io"
- containerRegistries:
- gsoci.azurecr.io:
- - endpoint: zot-test-1.golem.gaws.gigantic.io
- credentials:
- username: example
- password: xxxxx
- gsociprivate.azurecr.io:
- - endpoint: zot-test-2.golem.gaws.gigantic.io
- credentials:
- username: example
- password: yyyyy
- localRegistryCache:
- enabled: true
- mirroredRegistries:
- - gsoci.azurecr.io
- - gsociprivate.azurecr.io
metadata:
description: "Testing Cluster"
name: "test"
diff --git a/helm/cluster-cloud-director/values.schema.json b/helm/cluster-cloud-director/values.schema.json
index 5ea9d5e6..18c3c5a6 100644
--- a/helm/cluster-cloud-director/values.schema.json
+++ b/helm/cluster-cloud-director/values.schema.json
@@ -531,6 +531,135 @@
"nodePools"
],
"properties": {
+ "components": {
+ "type": "object",
+ "title": "Components",
+ "description": "Advanced configuration of components that are running on all nodes.",
+ "additionalProperties": false,
+ "properties": {
+ "containerd": {
+ "type": "object",
+ "title": "Containerd",
+ "description": "Configuration of containerd.",
+ "required": [
+ "containerRegistries"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "containerRegistries": {
+ "type": "object",
+ "title": "Container registries",
+ "description": "Endpoints and credentials configuration for container registries.",
+ "additionalProperties": {
+ "type": "array",
+ "title": "Registries",
+ "description": "Container registries and mirrors",
+ "items": {
+ "type": "object",
+ "title": "Registry",
+ "required": [
+ "endpoint"
+ ],
+ "properties": {
+ "credentials": {
+ "type": "object",
+ "title": "Credentials",
+ "properties": {
+ "auth": {
+ "type": "string",
+ "title": "Auth",
+ "description": "Base64-encoded string from the concatenation of the username, a colon, and the password."
+ },
+ "identitytoken": {
+ "type": "string",
+ "title": "Identity token",
+ "description": "Used to authenticate the user and obtain an access token for the registry."
+ },
+ "password": {
+ "type": "string",
+ "title": "Password",
+ "description": "Used to authenticate for the registry with username/password."
+ },
+ "username": {
+ "type": "string",
+ "title": "Username",
+ "description": "Used to authenticate for the registry with username/password."
+ }
+ }
+ },
+ "endpoint": {
+ "type": "string",
+ "title": "Endpoint",
+ "description": "Endpoint for the container registry."
+ }
+ }
+ }
+ },
+ "default": {}
+ },
+ "localRegistryCache": {
+ "type": "object",
+ "title": "Local registry caches configuration",
+ "description": "Enable local cache via http://127.0.0.1:.",
+ "required": [
+ "enabled",
+ "port"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Enable local registry caches",
+ "description": "Flag to enable local registry cache.",
+ "default": false
+ },
+ "mirroredRegistries": {
+ "type": "array",
+ "title": "Registries to cache locally",
+ "description": "A list of registries that should be cached.",
+ "items": {
+ "type": "string"
+ },
+ "default": []
+ },
+ "port": {
+ "type": "integer",
+ "title": "Local port for the registry cache",
+ "description": "Port for the local registry cache under: http://127.0.0.1:.",
+ "default": 32767
+ }
+ }
+ },
+ "managementClusterRegistryCache": {
+ "type": "object",
+ "title": "Management cluster registry cache",
+ "description": "Caching container registry on a management cluster level.",
+ "required": [
+ "enabled"
+ ],
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "title": "Enabled",
+ "description": "Enabling this will configure containerd to use management cluster's Zot registry service. To make use of it as a pull-through cache, you also have to specify registries to cache images for.",
+ "default": true
+ },
+ "mirroredRegistries": {
+ "type": "array",
+ "title": "Registries to cache",
+ "description": "Here you must specify each registry to cache container images for. Please also make sure to have an entry for each registry in Global > Components > Containerd > Container registries.",
+ "items": {
+ "type": "string"
+ },
+ "default": []
+ }
+ }
+ }
+ }
+ }
+ }
+ },
"connectivity": {
"type": "object",
"title": "Connectivity",
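Review bot: The `credentials` object and the enclosing `Registry` item schema under `containerRegistries` do not set `additionalProperties`, unlike `containerd`, `localRegistryCache` and `managementClusterRegistryCache` in the same hunk. A misspelled key (for example `identityToken` instead of `identitytoken`) therefore validates cleanly, and the registry entry is presumably rendered without the intended credentials. Adding `"additionalProperties": false,` to both objects would make the chart reject such values at install time. The `port` property would also benefit from `"minimum": 1, "maximum": 65535`, since any integer currently passes. The parent `properties` object starts before this hunk and continues after it.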
diff --git a/helm/cluster-cloud-director/values.yaml b/helm/cluster-cloud-director/values.yaml
index 34ec0cd9..834cfced 100644
--- a/helm/cluster-cloud-director/values.yaml
+++ b/helm/cluster-cloud-director/values.yaml
@@ -232,6 +232,16 @@ cluster:
connectivity:
containerRegistries: {}
global:
+ components:
+ containerd:
+ containerRegistries: {}
+ localRegistryCache:
+ enabled: false
+ mirroredRegistries: []
+ port: 32767
+ managementClusterRegistryCache:
+ enabled: true
+ mirroredRegistries: []
connectivity:
containerRegistries: {}
localRegistryCache:
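Review bot: The defaults now carry registry settings in two places under `global`, the new `components.containerd` block and the existing `connectivity.containerRegistries` / `connectivity.localRegistryCache` keys that follow it, and nothing states which one the templates read. If only one path is honoured, credentials or mirror lists set under the other would be silently ignored and nodes could pull from a registry the operator did not intend; the CI fixture in this commit moves its values to the new path, which suggests that one is authoritative. I would add a comment above `components:` such as `# Registry endpoints, credentials and caches for containerd; keys under global.connectivity are kept for compatibility (confirm precedence)`. A second comment above `managementClusterRegistryCache:` could note that it is enabled by default and, per the schema description, needs `mirroredRegistries` populated to act as a pull-through cache. The `global` mapping continues past the end of the hunk.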