Convert RKE2 registries to template, disable default endpoints (#474)

## Summary
- Replace static `registries.yaml` with EPP template driven by `rke2::registries` hash
- Add `disable-default-registry-endpoint: true` to all mirrors — RKE2 will only use artifactapi and never fall back to upstream registries
- Registry configuration now fully managed via hiera data (`roles/infra/k8s.yaml`)

Reviewed-on: #474
Co-authored-by: Ben Vincent <ben@unkin.net>
Co-committed-by: Ben Vincent <ben@unkin.net>
This commit was merged in pull request #474.
This commit is contained in:
2026-06-29 22:30:48 +10:00
committed by BenVincent
parent 7b53be7f8c
commit aeae26711f
6 changed files with 79 additions and 39 deletions
+2 -1
View File
@@ -8,6 +8,7 @@ class rke2::config (
String $node_token = $rke2::node_token,
Array[String[1]] $extra_config_files = $rke2::extra_config_files,
Boolean $manage_registries = $rke2::manage_registries,
Hash $registries = $rke2::registries,
){
# if its not the bootstrap node, add join path to config
@@ -35,7 +36,7 @@ class rke2::config (
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/rke2/registries.yaml',
content => epp('rke2/registries.yaml.epp', { registries => $registries }),
require => Package["rke2-${node_type}"],
notify => Service["rke2-${node_type}"],
}
+1
View File
@@ -13,6 +13,7 @@ class rke2 (
Array[String[1]] $extra_config_files = $rke2::params::extra_config_files,
Stdlib::HTTPUrl $container_archive_source = $rke2::params::container_archive_source,
Boolean $manage_registries = $rke2::params::manage_registries,
Hash $registries = $rke2::params::registries,
) inherits rke2::params {
include rke2::install
+1
View File
@@ -13,4 +13,5 @@ class rke2::params (
Array[String[1]] $extra_config_files = [],
Stdlib::HTTPUrl $container_archive_source = 'https://github.com/rancher/rke2/releases/download',
Boolean $manage_registries = false,
Hash $registries = {},
) {}