不看官方文档的代价:在搜索了很多中文资料发现配置了都不起作用,浪费了很多时间。
https://github.com/containerd/containerd/blob/main/docs/cri/config.md#registry-configuration
The old CRI config pattern for specifying registry.mirrors and registry.configs has been DEPRECATED. You should now point your registry config_path to the path where your hosts.toml files are located. 也就是说直接在/etc/containerd/config.toml里配置 registry.mirrors已经失效了。
最新的配置方法是只在config.toml 中指定hosts.toml的config_path
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"
在hosts.toml配置真正的harbor的URL, 默认是https,这里改成了http
vim /etc/containerd/certs.d/registry.imagehub.com/hosts.toml
server = "http://registry.imagehub.com"
[host."http://registry.imagehub.com"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
修改完,需要daemon-reload, restart containerd
验证pull image是否成功:
ctr images pull --hosts-dir "/etc/containerd/certs.d" registry.imagehub.com/library/hello_world:v2
网元yaml配置image地址:
cat hello_world.yaml
containers:
- name: hello-world-container
image: registry.imagehub.com/library/hello_world:v2
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default hello-world-6c8d6fb999-8fdsd 1/1 Running 0 52m