containerd with the https://docker.mirrors.ustc.edu.cn mirror: intermittent 403 errors
FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io: 403 Forbidden
curl -X GET -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" "https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io"
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty</center>
</body>
</html>
# vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
    endpoint = ["gcr.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
    endpoint = ["k8s-gcr.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
    endpoint = ["quay.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
    endpoint = ["k8s.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.elastic.co"]
    endpoint = ["elastic.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.sundayhk.com"]
    endpoint = ["https://harbor.sundayhk.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
  [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com"]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
      username = "admin"
      password = "Harbor12345"
The containerd systemd unit sets KillMode=process by default, so restarting containerd does not kill running containers.
systemctl daemon-reload
systemctl restart containerd
crictl info | grep -A20 mirrors
  "mirrors": {
    "docker.io": {
      "endpoint": [
        "https://docker.m.daocloud.io",
        "http://hub-mirror.c.163.com"
      ]
...
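The registry section above contains a plaintext http:// mirror endpoint, insecure_skip_verify = true, and a password stored inline. The following Python script is an added example, not part of the original post, that scans config.toml text for those three patterns. The audit function, the SAMPLE text and the finding strings are assumptions made here, and the sample password is a placeholder.

```python
import re

# Constructed sample: trimmed copy of the registry section above,
# with the password replaced by a placeholder.
SAMPLE = '''
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
  endpoint = ["gcr.m.daocloud.io"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
  insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
  username = "admin"
  password = "<placeholder>"
'''

TABLE = re.compile(r'^\[(.+)\]$')
KV = re.compile(r'^([A-Za-z_]+)\s*=\s*(.+)$')
# Matches ...registry.mirrors."host" and ...registry.configs."host".tls/.auth
REGISTRY = re.compile(r'registry\.(mirrors|configs)\."([^"]+)"(?:\.(\w+))?$')

def audit(text):
    """Return sorted (registry, finding) pairs for risky CRI registry settings."""
    findings, kind, host, sub = set(), None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        table = TABLE.match(line)
        if table:  # new TOML table header: remember which registry it scopes
            reg = REGISTRY.search(table.group(1))
            kind, host, sub = reg.groups() if reg else (None, None, None)
            continue
        kv = KV.match(line)
        if not (kv and host):
            continue
        key, value = kv.groups()
        if kind == 'mirrors' and key == 'endpoint':
            for url in re.findall(r'"([^"]*)"', value):
                if url.startswith('http://'):
                    findings.add((host, 'plaintext mirror endpoint ' + url))
        elif sub == 'tls' and key == 'insecure_skip_verify' and value == 'true':
            findings.add((host, 'TLS certificate verification disabled'))
        elif sub == 'auth' and key in ('password', 'auth', 'identitytoken'):
            findings.add((host, 'credential stored inline: ' + key))
    return sorted(findings)

if __name__ == '__main__':
    for host, finding in audit(SAMPLE):
        print(host + ': ' + finding)
```

To check a node, pass the contents of /etc/containerd/config.toml to audit().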
Note:
The configuration in /etc/containerd/config.toml is used by crictl and kubelet.
If you use ctr or nerdctl, the plugins."io.containerd.grpc.v1.cri" settings (such as mirrors and private registries) are not read.
# crictl config --list
KEY VALUE
runtime-endpoint unix:///run/containerd/containerd.sock
image-endpoint unix:///run/containerd/containerd.sock
timeout 5
debug false
pull-image-on-create false
disable-pull-on-run false
Configuring via the command line
crictl config runtime-endpoint unix:///run/containerd/containerd.sock
crictl config image-endpoint unix:///run/containerd/containerd.sock
Pulling from the private registry
crictl pull harbor.sundayhk.com/xlp/busybox:1.28
nerdctl and ctr still have to authenticate
nerdctl tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
# ctr -n k8s.io images tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
ctr -n k8s.io images push harbor.sundayhk.com/xlp/busybox:1.28 --skip-verify --user admin:Harbor12345
# Note: you may see "ctr: content digest sha256:xxxxxx not found"; the fix is to pull the complete image
ctr image pull --all-platforms docker.io/library/redis:alpine