配置containerd镜像管理

用户30750093037932025-08-07 10:32

containerd常用镜像配置

ini 复制代码 
# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://dockerproxy.com"]
  capabilities = ["pull", "resolve"]

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]

[host."https://reg-mirror.qiniu.com"]
  capabilities = ["pull", "resolve"]

[host."https://registry.docker-cn.com"]
  capabilities = ["pull", "resolve"]

[host."http://hub-mirror.c.163.com"]
  capabilities = ["pull", "resolve"]

EOF

# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# docker.elastic.co镜像加速
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"

[host."https://elastic.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"

[host."https://gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# ghcr.io镜像加速
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"

[host."https://ghcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# k8s.gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"

[host."https://k8s-gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# mcr.m.daocloud.io镜像加速
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"

[host."https://mcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# nvcr.io镜像加速
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"

[host."https://nvcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"

[host."https://quay.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# registry.jujucharms.com镜像加速
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF'
server = "https://registry.jujucharms.com"

[host."https://jujucharms.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# rocks.canonical.com镜像加速
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF'
server = "https://rocks.canonical.com"

[host."https://rocks-canonical.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

验证

crictl 命令, 会自动使用/etc/containerd/certs.d目录下的配置镜像加速 (推荐)

是对于ctr命令,需要指定--hosts-dir=/etc/containerd/certs.d。举个栗子:

bash 复制代码 
ctr i pull --hosts-dir=/etc/containerd/certs.d registry.k8s.io/sig-storage/csi-provisioner:v3.5.0

如果要确定此命令是否真的使用了镜像加速,可以增加--debug=true参数,譬如:

bash 复制代码 
ctr --debug=true i pull --hosts-dir=/etc/containerd/certs.d registry.k8s.io/sig-storage/csi-provisioner:v3.5.0

使用crictl 命令拉取

lua 复制代码 
[root@node2 certs.d]# crictl --debug=true  pull docker.io/library/ubuntu:20.04
DEBU[0000] get image connection
DEBU[0000] PullImageRequest: &PullImageRequest{Image:&ImageSpec{Image:docker.io/library/ubuntu:20.04,Annotations:map[string]string{},UserSpecifiedImage:,RuntimeHandler:,},Auth:nil,SandboxConfig:nil,}
DEBU[0022] PullImageResponse: &PullImageResponse{ImageRef:sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1,}
Image is up to date for sha256:ba6acccedd2923aee4c2acc6a23780b14ed4b8a5fa4e14e252a23b846df9b6c1
[root@node2 certs.d]# crictl images
IMAGE                                        TAG                    IMAGE ID            SIZE
docker.io/library/ubuntu                     20.04                  ba6acccedd292       28.6MB
docker.io/rancher/klipper-helm               v0.8.3-build20240228   0929b4140ada6       256MB
docker.io/rancher/klipper-lb                 v0.4.7                 edc812b8e25d0       12.2MB
docker.io/rancher/local-path-provisioner     v0.0.26                c54dcef6214cb       48.7MB
docker.io/rancher/mirrored-coredns-coredns   1.10.1                 ead0a4a53df89       53.6MB
docker.io/rancher/mirrored-library-busybox   1.36.1                 65ad0d468eb1c       4.5MB
docker.io/rancher/mirrored-library-traefik   2.10.7                 ee69e8120b64a       154MB
docker.io/rancher/mirrored-metrics-server    v0.7.0                 b9a5a1927366a       68.2MB
docker.io/rancher/mirrored-pause             3.6                    6270bb605e12e       686kB
[root@node2 certs.d]#
相关推荐
zfj3211 天前
容器 的 cpu request limit 与 linux cgroups 的关系
linux·运维·服务器·kubernetes·cgroup
初学者_xuan1 天前
26、K8S-Sidecar代理
云原生·容器·kubernetes
❥ღ Komo·1 天前
K8S-EFK日志收集实战指南
云原生·容器·kubernetes
bing.shao1 天前
Kubernetes 容错处理实战案例集锦
云原生·容器·kubernetes
古城小栈1 天前
边缘计算:K3s 轻量级 K8s 部署实践
java·kubernetes·边缘计算
杰克逊的日记2 天前
k8s某pod节点资源使用率过高,如何调整
linux·docker·kubernetes
古城小栈2 天前
Go 语言容器感知,自动适配 K8s 资源限制
golang·kubernetes
VermiliEiz3 天前
使用二进制文件方式部署kubernetes(1)
kubernetes·云计算
云计算小黄同学3 天前
k8s中的服务通过secret访问数据库的实际案例
数据库·阿里云·kubernetes
热门推荐
01GitHub 镜像站点02UV安装并设置国内源03【AutoGLM部署】本地私有化部署AI手机Agent04【超详细教程】手把手教你从微软官网免费下载Windows 10官方原版ISO镜像(2025最新版)05Linux下V2Ray安装配置指南06Cursor 又偷偷更新,这个功能太实用:Visual Editor for Cursor Browser07Open-AutoGLM Windows 安装部署教程08BongoCat - 跨平台键盘猫动画工具09Windows 11 官方系统安装与重装完整教程(2025年最新版)10安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)