我们新安装的k8s 1.35,使用containerd v2.2作为容器引擎,配置折腾了好久才搞定,分享如下。
1、关于国内镜像库的配置
containerd v2.2使用每个镜像库独立配置文件的方式,有点像nginx
首先要在/etc/containerd/config.toml文件中加入以下一行:
[plugins.'io.containerd.cri.v1.images'.pinned_images]
sandbox = 'registry.aliyuncs.com/google_containers/pause:3.10.1'
[plugins.'io.containerd.cri.v1.images'.registry] #老版本是io.containerd.grpc.v1.cri".registry
config_path = '/etc/containerd/certs.d' #这一行本来有就的,但多了点东西":/etc/docker/certs.d",不知道是不是有影响,反正我删除了然后,再/etc/containerd/certs.d目录下,每个要做镜像的站点一个目录:
每个目录下一个hosts.toml文件,内容如下:
bash
server = "https://docker.io" #原镜像网址
[host."docker.m.daocloud.io"] #国内的替代网址
capabilities = ["pull", "resolve"]2、没有ssl的私库的配置
网上各种配置方法都试过了,就是不支持http私库,按最接近的配置方法:
bash
server = "http://10.16.10.28:8088"
[host."http://10.16.10.28:8088"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
# 如果 http 协议有问题,尝试去掉协议
# capabilities = ["pull", "resolve", "push"]
# skip_verify = true但还是报错:
failed to do request: Head "https://10.16.10.28:8088/v2/tmp/tmp-rule/manifests/3.0.0-SNAPSHOT": http: server gave HTTP response to HTTPS client后来各种尝试,终于搞定了。
正确的配置是:
bash
server = "https://10.16.10.28:8088" # 这里是原始要访问的网址,是要带https的
[host."http://10.16.10.28:8088"] #这里告诉它,转到http网站上去
capabilities = ["pull", "resolve", "push"]
skip_verify = true
username = "user111"
password = "pass123"