Containerd image mirror acceleration and private registry configuration (username/password and skipping HTTPS verification)

2024-10-20

containerd pulling through the https://docker.mirrors.ustc.edu.cn mirror intermittently fails with 403:

FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io: 403 Forbidden 

curl -X GET -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json"  https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty</center>
</body>
</html>

DaoCloud Mirrors Github

# vim /etc/containerd/config.toml 

[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  # Each endpoint is a URL and needs its scheme; a bare hostname is not parsed as a host.
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    # The second endpoint is plain HTTP, so pulls through it are not protected by TLS.
    endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
    endpoint = ["https://gcr.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
    endpoint = ["https://k8s-gcr.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
    endpoint = ["https://quay.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
    endpoint = ["https://k8s.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.elastic.co"]
    endpoint = ["https://elastic.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.sundayhk.com"]
    endpoint = ["https://harbor.sundayhk.com"]

[plugins."io.containerd.grpc.v1.cri".registry.configs]
  [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com"]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
      # Skips TLS certificate verification for this registry (the "skipping HTTPS verification" of the title).
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
      # Stored in plain text in config.toml, so keep the file readable by root only.
      # admin / Harbor12345 are Harbor's installation defaults; a dedicated pull account is the safer choice.
      username = "admin"
      password = "Harbor12345"

The containerd systemd unit sets KillMode=process by default, so restarting containerd does not kill running containers.

systemctl daemon-reload
systemctl restart containerd

crictl info | grep -A20 mirrors
      "mirrors": {
        "docker.io": {
          "endpoint": [
            "https://docker.m.daocloud.io",
            "http://hub-mirror.c.163.com"
          ]
          ...

Note: the /etc/containerd/config.toml configuration file is used by crictl and kubelet.
If you use ctr or nerdctl, the plugins."io.containerd.grpc.v1.cri" configuration (such as mirrors and private registries) is not read.
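
An added example (not from the original post): a Python check that scans the CRI registry tables of a config.toml for the settings discussed above that deserve review, namely plain http:// mirror endpoints, endpoints without a scheme, insecure_skip_verify = true and inline credentials. It is a line-oriented scan of this layout, not a full TOML parser; the sample text, the host harbor.example.internal and the function name audit are constructed for illustration.

```python
import re

# Table-name prefix of the CRI registry settings used in config.toml.
CRI = 'plugins."io.containerd.grpc.v1.cri".registry.'
HEADER = re.compile(r'^\s*\[(.+)\]\s*$')
KEYVAL = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')
QUOTED = re.compile(r'"([^"]*)"')

# Constructed sample in the same layout as a CRI registry section.
SAMPLE = '''
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://docker.m.daocloud.io", "http://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
  endpoint = ["gcr.m.daocloud.io"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.example.internal".tls]
  insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.example.internal".auth]
  password = "PLACEHOLDER"
'''

def audit(config_text):
    """Return sorted (registry, finding) pairs for risky CRI registry settings."""
    findings, section = set(), ""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0]          # assumes no '#' inside values
        header = HEADER.match(line)
        if header:
            section = header.group(1)        # remember which table we are in
            continue
        kv = KEYVAL.match(line)
        if not kv or not section.startswith(CRI):
            continue
        key, value = kv.groups()
        rest = section[len(CRI):]            # e.g. configs."host".tls
        host = (QUOTED.findall(rest) or ["(none)"])[0]
        if rest.startswith("mirrors.") and key == "endpoint":
            for url in QUOTED.findall(value):
                if url.startswith("http://"):
                    findings.add((host, "plaintext mirror endpoint " + url))
                elif not url.startswith("https://"):
                    findings.add((host, "endpoint has no scheme " + url))
        elif rest.endswith(".tls") and key == "insecure_skip_verify" and value == "true":
            findings.add((host, "TLS certificate verification disabled"))
        elif rest.endswith(".auth") and key in ("password", "auth", "identitytoken"):
            findings.add((host, "credential stored inline: " + key))
    return sorted(findings)

for host, finding in audit(SAMPLE):
    print(host + ": " + finding)
```

To check a node, pass the contents of /etc/containerd/config.toml to audit() instead of SAMPLE.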

# crictl config --list

KEY                    VALUE
runtime-endpoint       unix:///run/containerd/containerd.sock
image-endpoint         unix:///run/containerd/containerd.sock
timeout                5
debug                  false
pull-image-on-create   false
disable-pull-on-run    false

Configuring via command

crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock

Pulling from the private registry

crictl pull harbor.sundayhk.com/xlp/busybox:1.28

nerdctl and ctr still require authentication

nerdctl tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28

# ctr -n k8s.io images tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28

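# --skip-verify disables TLS certificate verification for this push.
# A password given in --user ends up in shell history and the process list; with --user admin alone, ctr prompts for it.
ctr -n k8s.io images push harbor.sundayhk.com/xlp/busybox:1.28 --skip-verify --user admin:Harbor12345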

# Note: you may see "ctr: content digest sha256:xxxxxx not found"; the fix is to pull the complete image (all platforms)
ctr image pull --all-platforms docker.io/library/redis:alpine

Harbor and Containerd best practices
[Cloud Native] Introduction to and hands-on use of the Containerd ctr and crictl client commands (nerdctl)
