Currently (on Konvoy versions up to 1.6.x, 1.7.x and 1.8.x), the containerd configuration can be specified only during the first install of Konvoy, containerd or during an upgrade of Konvoy that changes the containerd version.
That often means any containerd configuration (like registry credentials, for example, for Docker rate limitations mitigation) must be specified either at first Konvoy deployment, or manually via editing the /etc/containerd/config.toml files and restarting the containerd service on cluster's nodes.
While the described behavior is expected to be changed in subsequent Konvoy versions, there is a workaround for changing containerd configuration via cluster.yaml and 'konvoy up' for cloud and on-prem deployments in many cases, as long as you don't need to set the spec.kubernetes.imageRepository to a specific value.
Since the containerd registry credentials are in spec.imageRegistries, they do not trigger an update.
The workaround is to modify the spec.kubernetes stanza in the cluster.yaml to trigger the containerd update.
So, for example, you could change/add a registry credentials by simultaneously adding the "imageRepository: k8s.gcr.io" line into spec.kubernetes section of the cluster.yaml. The k8s.gcr.io is the default value for imageRepository, so, it provides the same configuration, but is enough of a change to trigger reconfiguration of contained during executing following 'konvoy up'.
Here, for example, is a portion of cluster.yaml with the additional imageRepository line added:
kind: ClusterConfiguration spec: imageRegistries: - server: https://registry-1.docker.io username: login1 password: password1 kubernetes: imageRepository: k8s.gcr.io version: 1.19.9
It also works in the opposite direction; when you need to add/change credentials simultaneously with deleting the line "imageRepository: k8s.gcr.io".
Here, for example, is a portion of cluster.yaml with new docker's credentials and simultaneous deletion of previously existing imageRepository line:
kind: ClusterConfiguration spec: imageRegistries: - server: https://registry-1.docker.io username: login2 password: password2 kubernetes: version: 1.19.9