containerd 实现了 kubernetes 的 Container Runtime Interface (CRI) 接口,提供容器运行时核心功能,如镜像管理、容器管理等,相比 dockerd 更加简单、健壮和可移植。
从docker过度还是需要一点时间慢慢习惯的,今天来探讨containerd 如何从无域名与权威证书的私有仓库harbor,下载镜像!
containerd 不能像docker一样
docker login harbor.example.com登录到镜像仓库,无法从harbor拉取到镜像。
修改Containerd配置文件(基于原始配置文件修改,搜索:registry.auths快速定位)
vim /etc/containerd/config.toml
- [plugins.“io.containerd.grpc.v1.cri”.registry.mirrors.“docker.io”]:镜像仓库源地址
- endpoint = [“https://registry-1.docker.io”]:镜像仓库代理地址
- insecure_skip_verify = true:是否跳过安全认证
- [plugins.“io.containerd.grpc.v1.cri”.registry.configs.“192.168.100.150:8082”.auth]:私有镜像仓库授权认证
- 配置私有镜像仓库账号密码后,k8s Pod拉取镜像无需创建Secrets,Deployment也无需配置Secrets
- 配置文件参考:https://github.com/containerd/containerd/blob/main/docs/cri/registry.md
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.150:8082".tls]
insecure_skip_verify = true # 是否跳过安全认证
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.150:8082".auth]
username = "admin"
password = "YOUR_HARBOR_PASSWORD"
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.100.150:8082"]
endpoint = ["http://192.168.100.150:8082"]
- 配置生效并重启Containerd
systemctl daemon-reload && systemctl restart containerd.service
拉取和查看镜像文章来源:https://www.toymoban.com/news/detail-791687.html
ctr -n k8s.io image pull 192.168.100.150:8082/proaim/proaim-trinity-service:RELEASE-1.2.0-fc67c4d5 --plain-http --user admin:YOUR_HARBOR_PASSWORD
ctr -n k8s.io image ls
GitHub:https://github.com/Mystweb文章来源地址https://www.toymoban.com/news/detail-791687.html
到了这里,关于Kubernetes ≥ 1.25 Containerd配置Harbor私有镜像仓库的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!
