cri_keychain: preserve access to private registries across restart

### Issue

Currently cri keychain holds registry creds only on memory. When stargz-snapshotter restarts, it doesn't have registry creds anymore so it starts to fail to access to the regisry. We should fix this behaviour to prevent issues like #1989 and https://github.com/containerd/stargz-snapshotter/pull/1584#issuecomment-2073686091 .

### Current workaround

- A. Use other authentication methods like [dockerconfig-based one](https://github.com/containerd/stargz-snapshotter/blob/v0.16.3/docs/overview.md#dockerconfig-based-authentication) or [kubeconfig-based one](https://github.com/containerd/stargz-snapshotter/blob/v0.16.3/docs/overview.md#kubeconfig-based-authentication) that enables the snapshotter to acquire creds during restarting.
- B. Add a configuration to allow stargz-snapshotter to start even with restoration failure:
  ```
  [snapshotter]
  allow_invalid_mounts_on_restart = true
  ```
  Note: the user need to manually remove these (possibly empty) broken images after stargz-snapshotter started, using `ctr image rm <image-name>`. See also  https://github.com/containerd/stargz-snapshotter/pull/901

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

cri_keychain: preserve access to private registries across restart #1990

Issue

Current workaround

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

cri_keychain: preserve access to private registries across restart #1990

Description

Issue

Current workaround

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions