salt: set NO_PROXY for containerd

Set NO_PROXY environment variable with control, workload plane and K8s internal networks in containerd systemd unit file, to avoid using system wide defined HTTP(S) proxy, if any, when trying to pull resources from metalk8s registry. Refs: #2052
scality · Nov 22, 2019 · 22396d2 · 22396d2
1 parent 2679715
commit 22396d2
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/...-engine/containerd/files/50-metalk8s.conf → ...gine/containerd/files/50-metalk8s.conf.j2 b/...-engine/containerd/files/50-metalk8s.conf → ...gine/containerd/files/50-metalk8s.conf.j2
@@ -2,3 +2,4 @@
 # See https://github.com/containerd/containerd/issues/3201
 # See https://github.com/containerd/containerd/pull/3202
 LimitNOFILE=1048576
+Environment="{{ environment }}"
diff --git a/salt/metalk8s/container-engine/containerd/installed.sls b/salt/metalk8s/container-engine/containerd/installed.sls
@@ -2,6 +2,7 @@
 {%- from "metalk8s/map.jinja" import metalk8s with context %}
 {%- from "metalk8s/map.jinja" import kubelet with context %}
 {%- from "metalk8s/map.jinja" import repo with context %}
+{%- from "metalk8s/map.jinja" import networks with context %}
 
 {%- set registry_ip = metalk8s.endpoints['repositories'].ip %}
 {%- set registry_port = metalk8s.endpoints['repositories'].ports.http %}
@@ -36,12 +37,16 @@ Install containerd:
 Create containerd service drop-in:
   file.managed:
     - name: /etc/systemd/system/containerd.service.d/50-metalk8s.conf
-    - source: salt://{{ slspath }}/files/50-metalk8s.conf
+    - source: salt://{{ slspath }}/files/50-metalk8s.conf.j2
+    - template: jinja
     - user: root
     - group: root
     - mode: 0644
     - makedirs: true
     - dir_mode: 0755
+    - context:
+      environment: >-
+        NO_PROXY=127.0.0.1,localhost,{{ networks.values() | join(",") }}
     - require:
       - metalk8s_package_manager: Install containerd