Containerd接入Harbor仓库

在使用容器时,避免不了会使用到私有仓库,一般都是采用 harbor 作为私有仓库,docker 对接 harbor 仓库非常简单,哪 containerd 如何对接 harbor 呢?

在内网使用 harbor 根据个人习惯,一般都是非 http 并且是通过IP 直接访问,如下:

harbor仓库地址为:http://192.168.199.102:80containerd 如何上传或者下载镜像呢?

2.配置说明

2.1 生成配置文件

>mkdir -p /etc/containerd/ >containerd config default

> /etc/containerd/config.toml

2.2 修改配置

大概从144行开始 >vim +144 /etc/containerd/config.toml 144 [plugins."io.containerd.grpc.v1.cri".registry] 145 config_path = "/etc/containerd/certs.d" #修改该行的配置信息 ...

创建该目录

上面的目录+harbor仓库地址

>mkdir -p /etc/containerd/certs.d/192.168.199.102:80

编写 harbor 配置

>vim /etc/containerd/certs.d/192.168.199.102\:80/hosts.toml
server = "http://192.168.199.102:80"
[host."http://192.168.199.102:80"]
  capabilities = ["pull", "resolve", "push"]
  skip_verify = true

重启服务

>systemctl restart containerd

3.验证上传下载

3.1 准备镜像

首先,从网络上下载一个镜像

>nerdctl pull nginx:alpine
>nerdctl images
REPOSITORY    TAG       IMAGE ID        CREATED          PLATFORM       SIZE        BLOB SIZE
nginx         alpine    c94a22b036af    2 seconds ago    linux/amd64    42.7 MiB    16.0 MiB

为该镜像打TAG

>nerdctl tag nginx:alpine 192.168.199.102:80/library/nginx:alpine
>nerdctl images
REPOSITORY                          TAG       IMAGE ID        CREATED          PLATFORM       SIZE        BLOB SIZE
192.168.199.102:80/library/nginx    alpine    c94a22b036af    6 minutes ago    linux/amd64    42.7 MiB    16.0 MiB
nginx                               alpine    c94a22b036af    7 minutes ago    linux/amd64    42.7 MiB    16.0 MiB

3.2 登录harbor

>nerdctl login 192.168.199.102:80
Enter Username: admin
Enter Password:
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

3.3 上传镜像

上传到 harbor 仓库

>nerdctl push 192.168.199.102:80/library/nginx:alpine
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.list.v2+json, sha256:3d7805c209c8f28a172fc1b6adea4db8d68ca54d0e1696a655ef0c75333add45)
index-sha256:3d7805c209c8f28a172fc1b6adea4db8d68ca54d0e1696a655ef0c75333add45:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:01ccf4035840dd6c25042b2b5f6b09dd265b4ed5aa7b93ccc4714027c0ce5685: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:8e75cbc5b25c8438fcfe2e7c12c98409d5f161cbb668d6c444e02796691ada70:   done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.9 s                                                                    total:  18.0 K (20.0 KiB/s)

3.4 harbor仓库查看镜像

3.5 删除本地镜像

>nerdctl rmi 192.168.199.102:80/library/nginx:alpine nginx:alpine
>nerdctl images
REPOSITORY    TAG    IMAGE ID    CREATED    PLATFORM    SIZE    BLOB SIZE

3.6 启动容器

目前本地是没有镜像的,直接通过 nerdctl run 启动容器。当本地没有镜像时,会直接从 harbor 拉取镜像。

>nerdctl  images
REPOSITORY    TAG    IMAGE ID    CREATED    PLATFORM    SIZE    BLOB SIZE
>nerdctl run --name ngx -d -p 80:80 192.168.199.102:80/library/nginx:alpine
192.168.199.102:80/library/nginx:alpine:                                          resolved       |++++++++++++++++++++++++++++++++++++++|
index-sha256:3d7805c209c8f28a172fc1b6adea4db8d68ca54d0e1696a655ef0c75333add45:    done           |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:01ccf4035840dd6c25042b2b5f6b09dd265b4ed5aa7b93ccc4714027c0ce5685: done           |++++++++++++++++++++++++++++++++++++++|
config-sha256:8e75cbc5b25c8438fcfe2e7c12c98409d5f161cbb668d6c444e02796691ada70:   done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:c23b4f8cf279507bb1dd3d6eb2d15ca84fac9eac215ab5b529aa8b5a060294c8:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f56be85fc22e46face30e2c3de3f7fe7c15f8fd7c4e5add29d7f64b87abdaa09:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:2ce963c369bc5690378d31c51dc575c7035f6adfcc1e286051b5a5d9a7b0cc5c:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:59b9d2200e632e457f800814693b3a01adf09a244c38ebe8d3beef5c476c4c55:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3e1e579c95fece6bbe0cb9c8c2949512a3f8caaf9dbe6219dc6495abb9902040:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:547a97583f72a32903ca1357d48fa302e91e8f83ffa18e0c40fd87adb5c06025:    done           |++++++++++++++++++++++++++++++++++++++|
layer-sha256:1f21f983520d9a440d410ea62eb0bda61a2b50dd79878071181b56b82efa9ef3:    done           |++++++++++++++++++++++++++++++++++++++|
elapsed: 2.1 s                                                                    total:  16.0 M (7.6 MiB/s)
bfd2c9c9078966b6709f457586da83e604eb6c05055cc6a04febe8659d47bfb1

>nerdctl images
REPOSITORY                          TAG       IMAGE ID        CREATED           PLATFORM       SIZE        BLOB SIZE
192.168.199.102:80/library/nginx    alpine    3d7805c209c8    28 seconds ago    linux/amd64    42.7 MiB    16.0 MiB
>nerdctl  ps -a
CONTAINER ID    IMAGE                                      COMMAND                   CREATED           STATUS    PORTS                 NAMES
bfd2c9c90789    192.168.199.102:80/library/nginx:alpine    "/docker-entrypoint...."    29 seconds ago    Up        0.0.0.0:80->80/tcp    ngx

3.7 验证查看

>curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.23.4
Date: Thu, 06 Apr 2023 06:41:25 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 28 Mar 2023 17:09:24 GMT
Connection: keep-alive
ETag: "64231f44-267"
Accept-Ranges: bytes

OK,nginx启动成功。

4.配置镜像加速

通过上面的配置,不难启发我们配置国内镜像加速的方式,例如为 docker.io 配置镜像加速

>mkdir -p /etc/containerd/docker.io
>vim /etc/containerd/docker.io/hosts.toml
server = "https://docker.io"
[host."https://xxx.mirror.aliyuncs.com"]  #注册阿里云可查看个人加速源

重启服务

>systemctl restart containerd

测试拉取镜像

>nerdctl pull mysql
>nerdctl  images
REPOSITORY    TAG                 IMAGE ID        CREATED           PLATFORM       SIZE         BLOB SIZE
busybox       stable              5acba83a746c    17 minutes ago    linux/amd64    1.2 MiB      758.9 KiB
java          8u111-jdk-alpine    d49bf8c44670    15 minutes ago    linux/amd64    140.3 MiB    49.3 MiB
mysql         latest              e9027fe4d91c    2 seconds ago     linux/amd64    504.6 MiB    144.4 MiB
nginx         alpine              eb05700fe7ba    23 minutes ago    linux/amd64    25.2 MiB     9.7 MiB

参考:

https://www.cnblogs.com/hukey/p/17293126.html

docker中安装最新版私有镜像仓库harbor(v2.8.2 ) - 知乎

https://www.cnblogs.com/birkhoffxia/articles/17547907.html

harbor安装_凤凰涅槃的技术博客_51CTO博客

https://www.cnblogs.com/qfdxxdr/p/16384133.html

相关推荐
胡八一6 天前
解决/var/lib/docker(默认的 Docker 数据目录)占用较大,并且所在磁盘空间不足
docker·harbor
warrah6 天前
生产环境迁移——harbor篇
harbor
Echo flower11 天前
jenkins harbor安装
云原生·harbor
听说唐僧不吃肉19 天前
一文了解containerd与docker的区别
docker·containerd
秋意零1 个月前
Harbor安装、HTTPS配置、修改端口后不可访问?
运维·云计算·harbor·harbor相关
树下一少年1 个月前
k8s运行运行pod报错超出文件描述符表限制
linux·容器·kubernetes·containerd·limit.conf
lwprain1 个月前
安装支持ssl的harbor 2.1.4 docker 19.03.8 docker-compose 1.24.0
网络协议·ssl·harbor
lu云之东1 个月前
Harbor2.11.1生成自签证和配置HTTPS访问
网络协议·http·docker·https·harbor
SilentCodeY2 个月前
containerd配置私有仓库registry
容器·kubernetes·containerd·镜像·crictl
知本知至2 个月前
arm架构部署nexus配置ssl&containerd
arm开发·架构·containerd·nexus