Wildcard Container Registry Mirrors

[ajski1701]

Image I'm using:
bottlerocket-aws-k8s-1.21-x86_64-v1.2.1-02e4faf1

What I expected to happen:
Bottlerocket starts cleanly and joins an EKS cluster. Is also able to pull unqualified images from either https://registry-0.acme.com or https://registry-1.acme.com.

What actually happened:
Bottlerocket fails to join the EKS cluster

How to reproduce the problem:
Configure Bottlerocket's user data with the following toml:

[settings.container-registry.mirrors]
"*" = ["https://registry-0.acme.com","https://registry-1.acme.com"]

This configuration should be supported by containerd as per https://github.com/containerd/containerd/blob/main/docs/cri/registry.md#configure-registry-endpoint

[jpculp]

@ajski1701, thanks for reaching out. We'll give it a look!

[ajski1701]

I was able to write up a workaround to get the expected functionality to be able to pull container images via unqualified image names by setting both acme.com registries as mirrors of docker.io:

[settings.container-registry.mirrors]
"docker.io" = ["https://registry-1.docker.io","https://registry-0.acme.com","https://registry-1.acme.com"]

Neither acme.com registry is actually any sort of mirror of docker.io but this seems to support my use case until the usage of wildcards is supported/fixed in Bottlerocket.