moved container registry mirrors to configuration

2025-09-04 10:43:59 +02:00
parent d7b993dc21
commit bcb019c17d
6 changed files with 19 additions and 16 deletions
--- a/00-infrastructure/01-tofu/talos/config.tf
+++ b/00-infrastructure/01-tofu/talos/config.tf
@@ -61,6 +61,7 @@ data "talos_machine_configuration" "this" {
      http_proxy         = var.cluster.http_proxy
      no_proxy           = var.cluster.no_proxy
      ntp_servers        = var.cluster.ntp_servers
+      registry_mirrors   = var.cluster.registry_mirrors
      hostname           = each.key
      kubelet            = var.cluster.kubelet
    }), each.value.machine_type == "controlplane" ?
--- a/00-infrastructure/01-tofu/talos/machine-config/common.yaml.tftpl
+++ b/00-infrastructure/01-tofu/talos/machine-config/common.yaml.tftpl
@@ -1,22 +1,14 @@
 machine:
+%{if length(registry_mirrors) > 0}
  registries:
    mirrors:
-      docker.io:
+%{for registry_name, endpoint in registry_mirrors }
+      ${registry_name}:
        endpoints:
-          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-docker.io
-        overridePath: true
-      ghcr.io:
-        endpoints:
-          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-ghcr.io
-        overridePath: true
-      gcr.io:
-        endpoints:
-          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-gcr.io
-        overridePath: true
-      registry.k8s.io:
-        endpoints:
-          - http://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-registry.k8s.io
+          - ${endpoint}
        overridePath: true
+%{endfor}
+%{endif}
  kubelet:
    image: ghcr.io/siderolabs/kubelet:${kubernetes_version}
 %{if kubelet != ""}
--- a/00-infrastructure/01-tofu/talos/variables.tf
+++ b/00-infrastructure/01-tofu/talos/variables.tf
@@ -24,6 +24,7 @@ variable "cluster" {
    gateway_api_version          = string
    node_network_vlan            = optional(number)
    ntp_servers                  = optional(list(string), [])
+    registry_mirrors             = map(string)
    http_proxy                   = optional(string, "")
    no_proxy                     = optional(string, "")
    extra_manifests              = optional(list(string))
--- a/00-infrastructure/01-tofu/talos_cluster.auto.tfvars
+++ b/00-infrastructure/01-tofu/talos_cluster.auto.tfvars
@@ -16,4 +16,12 @@ talos_cluster_config  = {
        bootstrap_manifest_path = "talos/inline-manifests/cilium_install.yaml"
        values_file_path        = "../../02-k8s/infra/network/cilium/values.yaml"
    }
+
+    registry_mirrors = {
+      "docker.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-docker.io"
+      "ghcr.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-ghcr.io"
+      "gcr.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-gcr.io"
+      "registry.k8s.io" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-registry.k8s.io"
+      "mcr.microsoft.com" = "https://harbor.prod.eis-mk8.de.s5b.org/v2/proxy-mcr.microsoft.com"
+    }
 }
--- a/00-infrastructure/01-tofu/variables.tf
+++ b/00-infrastructure/01-tofu/variables.tf
@@ -43,6 +43,7 @@ variable "talos_cluster_config" {
    http_proxy                   = optional(string)
    no_proxy                     = optional(string)
    ntp_servers                  = optional(list(string), [])
+    registry_mirrors             = map(string)
    extra_manifests              = optional(list(string), [])
    kubelet                      = optional(string, "")
    api_server                   = optional(string)
--- a/02-k8s/infra/network/cilium/values.yaml
+++ b/02-k8s/infra/network/cilium/values.yaml
@@ -76,8 +76,8 @@ loadBalancer:

 gatewayAPI:
  enabled: true
-#  enableAlpn: true
-#  enableAppProtocol: true
+  enableAlpn: true
+  enableAppProtocol: true

 envoy:
  prometheus: