containerd_registries_mirrors is mandatory for containerd server

[sathieu]

What type of PR is this?

Uncomment only one /kind <> line, hit enter to put that in a new line, and remove leading whitespaces from that line:

/kind api-change /kind bug /kind cleanup /kind design /kind documentation /kind failing-test /kind feature /kind flake

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

[k8s-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[k8s-ci-robot]

Hi @sathieu. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[yankay]

/ok-to-test Thanks @sathieu

More information may be added to the PR describtion :-) /approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sathieu, yankay

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/kubernetes-sigs/kubespray/blob/master/OWNERS)~~ [yankay] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[tico88612]

Please edit your PR content.

/hold

[sathieu]

I don't understand this PR change; I see that the template doesn't need to add this variable.

https://github.com/kubernetes-sigs/kubespray/blob/93ee1226ebcadbf449d12cb444b2ea456a1c37ca/roles/container-engine/containerd/templates/config.toml.j2#L72

This is because when the path is not set, the server param is not applied.

This is not clearly documented, but I think this comes from here:

https://github.com/containerd/containerd/blob/v1.7.22/remotes/docker/config/hosts.go#L78-L90

The advanced options (use_path, server) are only available when config_path is used.

The server part is in the parseHostConfig function:

https://github.com/containerd/containerd/blob/v1.7.22/remotes/docker/config/hosts.go#L419

Which is called from parseHostsFile called from loadHostDir.

The legacy part is not setting server :

https://github.com/containerd/containerd/blob/v1.7.22/remotes/docker/config/hosts.go#L92-L269

[tico88612]

It should be that containerd_registries_mirrors has been deprecated in Containerd, and it should be a matter of fixing the configuration file to the format that is currently supported by Containerd (the hosts are all written in /etc/containerd/certs.d).

[sathieu]

@tico88612 the new format is already supported (and enabled with containerd_use_config_path: true). Maybe change the default to containerd_use_config_path: true? Or remove the option to set it to false...

[sathieu]

PR can be closed once https://github.com/kubernetes-sigs/kubespray/pull/11755 is merged.