Skip to content

The injected proxy configuration will not be automatically deleted #4541

New issue
New issue
Open
Open
The injected proxy configuration will not be automatically deleted#4541
Labels
bug
@zsksy123

Description

@zsksy123
zsksy123
opened on Jan 5, 2026

Version Information

helm list
NAME     	NAMESPACE	REVISION	UPDATED                             	STATUS  	CHART          	APP VERSION
dragonfly	dragonfly	2       	2026-01-05 17:02:31.655843 +0800 CST	deployed	dragonfly-1.4.0	2.3.0

The previous configuration was as follows

client:
  dfinit:
    enable: true
    config:
      containerRuntime:
        containerd:
          # -- configPath is the path of containerd configuration file.
          configPath: /etc/containerd/config.toml
          # -- registries is the list of containerd registries. hostNamespace is the location where container images and artifacts are sourced,
          # refer to https://github.com/containerd/containerd/blob/main/docs/hosts.md#registry-host-namespace. The registry host namespace
          # portion is [registry_host_name|IP address][:port], such as docker.io, ghcr.io, gcr.io, etc. serverAddr specifies the default server
          # for this registry host namespace, refer to https://github.com/containerd/containerd/blob/main/docs/hosts.md#server-field.
          # capabilities is the list of capabilities in containerd configuration, refer to
          # https://github.com/containerd/containerd/blob/main/docs/hosts.md#capabilities-field.
          # skip_verify is the flag to skip verifying the server's certificate, refer to
          # https://github.com/containerd/containerd/blob/main/docs/hosts.md#bypass-tls-verification-example.
          # ca (Certificate Authority Certification) can be set to a path or an array of paths each pointing
          # to a ca file for use in authenticating with the registry namespace, refer to
          # https://github.com/containerd/containerd/blob/main/docs/hosts.md#ca-field.
          registries:
            # - hostNamespace: docker.io
            #   serverAddr: https://index.docker.io
            #   capabilities: ["pull", "resolve"]
            #   skipVerify: true
            #   # ca: []
            # - hostNamespace: ghcr.io
            #   serverAddr: https://ghcr.io
            #   capabilities: ["pull", "resolve"]
            #   skipVerify: true
            #   # ca: []
            - hostNamespace: quay.io
              serverAddr: https://quay.io
              capabilities: ["pull", "resolve"]
              skipVerify: true
              # ca: []
            - hostNamespace: registry.cn-hangzhou.aliyuncs.com
              serverAddr: https://registry.cn-hangzhou.aliyuncs.com
              capabilities: ["pull", "resolve"]
              skipVerify: true
              # ca: []

The injected configuration is as follows

ls -l /etc/containerd/certs.d/
total 12
drwxr-xr-x 2 root root 4096 May 23  2025 quay.io
drwxr-xr-x 2 root root 4096 May 23  2025 registry.cn-hangzhou.aliyuncs.com

After I deleted the configuration of quay.io, the injected quay.io configuration did not get deleted.

client:
  dfinit:
    enable: true
    config:
      containerRuntime:
        containerd:
          # -- configPath is the path of containerd configuration file.
          configPath: /etc/containerd/config.toml
          # -- registries is the list of containerd registries. hostNamespace is the location where container images and artifacts are sourced,
          # refer to https://github.com/containerd/containerd/blob/main/docs/hosts.md#registry-host-namespace. The registry host namespace
          # portion is [registry_host_name|IP address][:port], such as docker.io, ghcr.io, gcr.io, etc. serverAddr specifies the default server
          # for this registry host namespace, refer to https://github.com/containerd/containerd/blob/main/docs/hosts.md#server-field.
          # capabilities is the list of capabilities in containerd configuration, refer to
          # https://github.com/containerd/containerd/blob/main/docs/hosts.md#capabilities-field.
          # skip_verify is the flag to skip verifying the server's certificate, refer to
          # https://github.com/containerd/containerd/blob/main/docs/hosts.md#bypass-tls-verification-example.
          # ca (Certificate Authority Certification) can be set to a path or an array of paths each pointing
          # to a ca file for use in authenticating with the registry namespace, refer to
          # https://github.com/containerd/containerd/blob/main/docs/hosts.md#ca-field.
          registries:
            # - hostNamespace: docker.io
            #   serverAddr: https://index.docker.io
            #   capabilities: ["pull", "resolve"]
            #   skipVerify: true
            #   # ca: []
            # - hostNamespace: ghcr.io
            #   serverAddr: https://ghcr.io
            #   capabilities: ["pull", "resolve"]
            #   skipVerify: true
            #   # ca: []
            - hostNamespace: registry.cn-hangzhou.aliyuncs.com
              serverAddr: https://registry.cn-hangzhou.aliyuncs.com
              capabilities: ["pull", "resolve"]
              skipVerify: true
              # ca: []

The injected quay.io configuration has not been deleted.
ls -l /etc/containerd/certs.d/
total 12
drwxr-xr-x 2 root root 4096 May 23 2025 quay.io
drwxr-xr-x 2 root root 4096 May 23 2025 registry.cn-hangzhou.aliyuncs.com

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions