Support Containerd Registry Mirrors

[jhunt]

This commit introduces containerd OCI registry mirroring, allowing operators to run their own registries, complete with authantication (user-based, certificate-based) etcd, to either shadow upstream names like postgres (originally from docker.io), or to provide custom private registries without giving out credentials to cluster users.

Also new is manifests/mirrornetes, a tinynetes configuration that ships with multiple, separate registries, of varying configurations, and custom mirror definitions to validate the implementation.

[obeyler]

to my part I prefer to keep the insecure_skip_verify rather than verify to point that you use an insecure repository. I think it's for this raison that containerd team uses this term. Docker team uses also the same term.

[jhunt]

I will definitely don't not unignore that feedback, @obeyler 😉

[obeyler]

ttar is what kind of tools ? is it like tar ?

[obeyler]

@jhunt Except my review about the verify parameter, I've tested this PR on my airgap environment and everything seems to be OK.

[obeyler]

@jhunt At the end, I see you preferred to keep verify rather than insecure_skip_verify . Do you plan to make release soon ?

[jhunt]

I do indeed. Given that K8s 1.19 is set to drop in early August, I wanted to get a 1.18.5 out today or tomorrow. Is #50 going to be out of draft and ready for review before the end of the week? If so, I'd like to include it in the release.

[obeyler]

@jhunt I'm not yet satisfied of #50 and as I need to do many other work before my holidays I think I can't finish it before august.