containerd配置私有仓库registry

|----------|--------------|-------|
| 机器 | ip | 端口 |
| regtisry | 192.168.0.72 | 5000 |
| k8s-* | ------- | k8s集群 |

1、镜像上传

root@admin:~# docker push 192.168.0.72:5000/nginx:1.26.1-alpine

The push refers to repository [192.168.0.72:5000/nginx]

6961f0b8531c: Pushed

3112cd521249: Pushed

d3f50ce9b5b5: Pushed

9efaf2eb479a: Pushed

bef35f150926: Pushed

7b87df18a0ed: Pushed

4160c36f5f9d: Pushed

d4fc045c9e3a: Pushed

1.26.1-alpine: digest: sha256:2565e998caf6d270af6ded12206135ffd3247aeb362f5dc5ad2c7449f3712df0 size: 1989

2、重要报错

root@k8s-master3 \~\]# journalctl -u containerd -f -- Logs begin at Fri 2024-10-25 15:25:01 CST. -- Nov 06 14:08:14 k8s-master3 containerd\[19662\]: time="2024-11-06T14:08:14.052429673+08:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured" Nov 06 14:08:14 k8s-master3 containerd\[19662\]: time="2024-11-06T14:08:14.154156087+08:00" level=warning msg="failed to load plugin io.containerd.grpc.v1.cri" error="invalid plugin config: `mirrors` cannot be set when `config_path` is provided" Nov 06 14:08:14 k8s-master3 systemd\[1\]: Started containerd container runtime. Nov 06 14:22:06 k8s-master3 systemd\[1\]: Stopping containerd container runtime... Nov 06 14:22:06 k8s-master3 systemd\[1\]: Stopped containerd container runtime. Nov 06 14:22:06 k8s-master3 systemd\[1\]: Starting containerd container runtime... Nov 06 14:22:06 k8s-master3 containerd\[28450\]: time="2024-11-06T14:22:06.359645523+08:00" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.devmapper" error="devmapper not configured" Nov 06 14:22:06 k8s-master3 containerd\[28450\]: time="2024-11-06T14:22:06.360210472+08:00" level=warning msg="could not use snapshotter devmapper in metadata plugin" error="devmapper not configured" Nov 06 14:22:06 k8s-master3 containerd\[28450\]: time="2024-11-06T14:22:06.475504596+08:00" level=warning msg="failed to load plugin io.containerd.grpc.v1.cri" error="invalid plugin config: `mirrors` cannot be set when `config_path` is provided" Nov 06 14:22:06 k8s-master3 systemd\[1\]: Started containerd container runtime. \[root@k8s-master3 \~\]# ctr plugins ls \| grep cri io.containerd.grpc.v1 cri linux/amd64 error 从日志来看,出现了以下错误: > `invalid plugin config: mirrors cannot be set when config_path is provided` 这表明在 `/etc/containerd/config.toml` 中,`mirrors` 和 `config_path` 配置项冲突。根据 containerd 配置规则,**当使用 `config_path` 指定了证书和私有仓库配置文件目录时,不允许再使用 `mirrors` 配置**。 #### 解决方案 要解决此问题,可以选择以下两种方式之一: ##### 方案 1:删除 `mirrors` 配置 如果你更愿意通过 `config_path` 指定私有仓库配置文件,则删除 `mirrors` 配置部分,保留 `config_path` 配置。例如,更新后的 `config.toml` 文件为: > `version = 2 root = "/var/lib/containerd" state = "/run/containerd" oom_score = 0 [grpc] address = "/run/containerd/containerd.sock" [plugins."io.containerd.grpc.v1.cri"] sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.7" [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" default_runtime_name = "runc" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] runtime_type = "io.containerd.runc.v2" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] SystemdCgroup = true [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d" [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.72:5000".tls] insecure_skip_verify = true [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.72:5000".auth] username = "admin" password = "admin" ` #本人使用的方案二解决 ##### 方案 2:移除 `config_path` 并仅使用 `mirrors` 如果你更偏向在 `config.toml` 中直接配置镜像仓库的地址,则可以删除 `config_path` 行,仅使用 `mirrors` 配置。例如: > `[plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.0.72:5000"] endpoint = ["http://192.168.0.72:5000"] [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.72:5000".tls] insecure_skip_verify = true [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.0.72:5000".auth] username = "admin" password = "admin" ` #### 重启 Containerd 并验证 更新配置后,重新启动 containerd 服务: > `sudo systemctl restart containerd` #成功验证,既能通过crictl拉取,还能写入到yaml文件中拉取,而不用为集群中每一台机器上传镜像 > at > > \[root@k8s-master1 containerd\]# crictl pull ​​192.168.0.72:5000/nginx:1.26.1-alpine > > Image is up to date for sha256:98abffe47b9c4812f59d521554e7b2245196e882bca57ece5b23d38ede0cc137 > > \[root@k8s-master1 containerd\]# crictl images > > IMAGE TAG IMAGE ID SIZE > > 192.168.0.72:5000/nginx 1.26.1-alpine 98abffe47b9c4 20.5MB

相关推荐
2418ly1 小时前
docker常用命令
运维·docker·容器
明月(Alioo)2 小时前
机器学习入门,用Lima在macOS免费搭建Docker环境,彻底解决镜像与收费难题!
macos·docker·容器
水上冰石3 小时前
k8s证书理论知识之/etc/kubernetes/pki/ 和/var/lib/kubelet/pki/的区别
云原生·容器·kubernetes·数字证书·证书过期
Nazi63 小时前
sealos部署k8s
运维·kubernetes·k8s
To_再飞行3 小时前
K8s访问控制(一)
云原生·容器·kubernetes
虚伪的空想家3 小时前
K8S的Pod为什么可以解析访问集群之外的域名地址
云原生·容器·kubernetes·dns·域名解析·pod·coredns
❀͜͡傀儡师3 小时前
二进制安装Kubernetes(k8s)v1.34.0
云原生·容器·kubernetes
Zs05093 小时前
k8s基础练习环境搭建
云原生·容器·kubernetes
栗子~~3 小时前
Kubernetes(k8s) po 配置持久化挂载(nfs)
云原生·容器·kubernetes
努力打怪升级3 小时前
容器学习day05_k8s(二)
学习·容器·kubernetes