配置containerd镜像管理

containerd常用镜像配置

ini 复制代码
# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]
  capabilities = ["pull", "resolve"]

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]

[host."https://reg-mirror.qiniu.com"]
  capabilities = ["pull", "resolve"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull", "resolve"]

[host."http://hub-mirror.c.163.com"]
  capabilities = ["pull", "resolve"]

EOF

# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# docker.elastic.co镜像加速
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"

[host."https://elastic.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"

[host."https://gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# ghcr.io镜像加速
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"

[host."https://ghcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# k8s.gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"

[host."https://k8s-gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# mcr.m.daocloud.io镜像加速
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"

[host."https://mcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# nvcr.io镜像加速
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"

[host."https://nvcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"

[host."https://quay.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# registry.jujucharms.com镜像加速
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF'
server = "https://registry.jujucharms.com"

[host."https://jujucharms.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# rocks.canonical.com镜像加速
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF'
server = "https://rocks.canonical.com"

[host."https://rocks-canonical.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

验证

crictl 命令, 会自动使用/etc/containerd/certs.d目录下的配置镜像加速 (推荐)

是对于ctr命令,需要指定--hosts-dir=/etc/containerd/certs.d。举个栗子:

bash 复制代码
ctr i pull --hosts-dir=/etc/containerd/certs.d registry.k8s.io/sig-storage/csi-provisioner:v3.5.0

如果要确定此命令是否真的使用了镜像加速,可以增加--debug=true参数,譬如:

bash 复制代码
ctr --debug=true i pull --hosts-dir=/etc/containerd/certs.d registry.k8s.io/sig-storage/csi-provisioner:v3.5.0

使用crictl 命令拉取

lua 复制代码
[root@node2 certs.d]# crictl --debug=true  pull docker.io/library/ubuntu:20.04
DEBU[0000] get image connection
DEBU[0000] PullImageRequest: &PullImageRequest{Image:&ImageSpec{Image:docker.io/library/ubuntu:20.04,Annotations:map[string]string{},UserSpecifiedImage:,RuntimeHandler:,},Auth:nil,SandboxConfig:nil,}
DEBU[0022] PullImageResponse: &PullImageResponse{ImageRef:sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1,}
Image is up to date for sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1
[root@node2 certs.d]# crictl images
IMAGE                                        TAG                    IMAGE ID            SIZE
docker.io/library/ubuntu                     20.04                  ba6acccedd292       28.6MB
docker.io/rancher/klipper-helm               v0.8.3-build20240228   0929b4140ada6       256MB
docker.io/rancher/klipper-lb                 v0.4.7                 edc812b8e25d0       12.2MB
docker.io/rancher/local-path-provisioner     v0.0.26                c54dcef6214cb       48.7MB
docker.io/rancher/mirrored-coredns-coredns   1.10.1                 ead0a4a53df89       53.6MB
docker.io/rancher/mirrored-library-busybox   1.36.1                 65ad0d468eb1c       4.5MB
docker.io/rancher/mirrored-library-traefik   2.10.7                 ee69e8120b64a       154MB
docker.io/rancher/mirrored-metrics-server    v0.7.0                 b9a5a1927366a       68.2MB
docker.io/rancher/mirrored-pause             3.6                    6270bb605e12e       686kB
[root@node2 certs.d]#
相关推荐
__Smile°23 分钟前
Gitlab+Jenkins+K8S+Registry 建立 CI/CD 流水线
linux·ci/cd·docker·kubernetes·gitlab·jenkins
�FENG5 小时前
Prometheus 监控平台部署 (云原生环境)
云原生·kubernetes·prometheus·监控告警
only_Klein11 小时前
K8S部署ELK(二):部署Kafka消息队列
elk·kafka·kubernetes
David爱编程18 小时前
kube-proxy与CNI 的关系详解:职责划分与协同机制
云原生·容器·kubernetes
追风筝的小青年1 天前
ubuntu24中部署k8s 1.30.x-底层用docker
docker·容器·kubernetes
哈里谢顿1 天前
Kubernetes中的Deployment、StatefulSet、DaemonSet详细解释
kubernetes
David爱编程1 天前
网络策略NetworkPolicy与RBAC授权机制: Kubernetes安全体系的双重防线
云原生·容器·kubernetes
9命怪猫2 天前
K8S服务发现原理及开发框架的配合
云原生·容器·kubernetes·服务发现
David爱编程2 天前
理解Service的kube-proxy 实现原理
云原生·容器·kubernetes