Docker and containerd registry mirror acceleration

1. Docker registry mirrors

1. Installation

yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/rhel/9.7/aarch64/stable/

# Docker yum repository for CentOS 7
yum-config-manager --add-repo http://mirrors.aliyun.com/docker-ce/linux/centos/7/docker-ce.repo
yum makecache
# Cache the RPM packages locally
yum -y install yum-utils
yumdownloader --resolve --destdir=/root/docker-rpm/ docker-ce-27* docker-ce-cli-27* containerd.io-1.7*

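2. Configure registry mirrors

# Configure the Aliyun registry mirror
# Note: registries listed under insecure-registries are contacted without TLS
# certificate verification, with a fallback to plain HTTP.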
cat > /etc/docker/daemon.json <<EOF
{
  "exec-opts": ["native.cgroupdriver=systemd"],
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m"
  },
  "insecure-registries": ["harbor.daboluo.com"],
  "registry-mirrors": [
      "https://si4p9a1f.mirror.aliyuncs.com",
      "https://docker.m.daocloud.io"
  ]
}
EOF
# Restart Docker to apply the configuration and enable it at boot
systemctl daemon-reload && systemctl restart docker && systemctl enable docker && docker -v

3. Deploy cri-dockerd

# Package URL
https://github.com/Mirantis/cri-dockerd/releases/tag/v0.3.16/cri-dockerd-0.3.16.arm64.tgz
# Configure the service
mv cri-dockerd /usr/local/bin/cri-dockerd
vim /etc/systemd/system/cri-dockerd.service
# Contents of /etc/systemd/system/cri-dockerd.service:
[Unit]
Description=CRI Docker Bridge
After=network-online.target firewalld.service docker.service
Wants=network-online.target

[Service]
Type=notify
ExecStart=/usr/local/bin/cri-dockerd \
  --network-plugin=cni \
  --cni-conf-dir=/etc/cni/net.d \
  --cni-bin-dir=/opt/cni/bin \
  --container-runtime-endpoint=unix:///var/run/cri-dockerd.sock \
  --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

[Install]
WantedBy=multi-user.target
# Start the service
systemctl daemon-reexec
systemctl daemon-reload && systemctl restart cri-dockerd && systemctl enable cri-dockerd && systemctl status cri-dockerd

2. containerd registry mirrors

1. Deploy containerd

yum -y install containerd.io-1.7.29-1.el9.aarch64.rpm
ctr -v
# Generate the containerd configuration file on all nodes
cd /etc/containerd && mv config.toml config.toml.bak
containerd config default | tee /etc/containerd/config.toml
# Edit the configuration file
vim /etc/containerd/config.toml
#   - Set the SystemdCgroup field under containerd.runtimes.runc.options to true
#   - Then change the pause image in sandbox_image to an address that suits your version:
#     sandbox_image = "registry.cn-hangzhou.aliyuncs.com/google_containers/pause:3.10"
# Enable containerd at boot on all nodes
systemctl daemon-reload && systemctl enable --now containerd && systemctl restart containerd
# Configure the runtime endpoint that the crictl client connects to, on all nodes
cat > /etc/crictl.yaml <<EOF
runtime-endpoint: unix:///var/run/containerd/containerd.sock
image-endpoint: unix:///var/run/containerd/containerd.sock
timeout: 0
debug: false
pull-image-on-create: true
EOF

2. Install the CNI network plugins

curl -JLO https://github.com/containernetworking/plugins/releases/download/v1.9.0/cni-plugins-linux-arm64-v1.9.0.tgz
mkdir -p /opt/cni/bin &&  tar Cxzvf /opt/cni/bin cni-plugins-linux-arm64-v1.9.0.tgz

3. Install nerdctl

curl -LO https://github.com/containerd/nerdctl/releases/download/v2.2.1/nerdctl-2.2.1-linux-arm64.tar.gz

tar xzvf nerdctl-2.2.1-linux-arm64.tar.gz
mv nerdctl /usr/local/bin
nerdctl -n k8s.io ps

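4. Registry configuration recommendations

Most articles online configure containerd registry mirrors by editing /etc/containerd/config.toml directly. This approach is deprecated in newer versions of containerd and will certainly be removed in the future; it merely still works for now. It also has a drawback: every change to /etc/containerd/config.toml requires restarting containerd with systemctl restart containerd.service.

Newer versions of containerd recommend keeping the registry configuration in a separate directory and enabling config_path in /etc/containerd/config.toml so that it points at that directory. With this approach containerd has to be restarted only once, when config_path is first enabled in /etc/containerd/config.toml; registry configurations added afterwards need no restart, which is very convenient.

If config_path = /etc/containerd/certs.d is set in /etc/containerd/config.toml, the registry configuration directory is laid out as follows: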

$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
/etc/containerd/certs.d/
├── 192.168.11.20
│   └── hosts.toml
└── docker.io
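    └── hosts.toml

As shown, the first-level directory is named after the registry's domain name or IP address, and the second level is the hosts.toml file.

The hosts.toml file supports only the following fields: server, capabilities, ca, client, skip_verify, [header], override_path

An example hosts.toml file: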

[host."https://mirror.registry"]
  capabilities = ["pull"]
  ca = "/etc/certs/mirror.pem"
  skip_verify = false
  [host."https://mirror.registry".header]
    x-custom-2 = ["value1", "value2"]

[host."https://mirror-bak.registry/us"]
  capabilities = ["pull"]
  skip_verify = true

[host."http://mirror.registry"]
  capabilities = ["pull"]

[host."https://test-1.registry"]
  capabilities = ["pull", "resolve", "push"]
  ca = ["/etc/certs/test-1-ca.pem", "/etc/certs/special.pem"]
  client = [["/etc/certs/client.cert", "/etc/certs/client.key"],["/etc/certs/client.pem", ""]]

[host."https://test-2.registry"]
  client = "/etc/certs/client.pem"

[host."https://test-3.registry"]
  client = ["/etc/certs/client-1.pem", "/etc/certs/client-2.pem"]

[host."https://non-compliant-mirror.registry/v2/upstream"]
  capabilities = ["pull"]
  override_path = true

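Note in particular that hosts.toml can list several mirrors. When pulling an image, containerd uses them in the order they are configured, and moves on to the next mirror only when the pull from the previous one fails. The rule for ordering is therefore: the faster a mirror downloads, the earlier it should appear.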
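An audit of the config_path layout described above, as an added example (not code from the original page): it walks each <registry>/hosts.toml and, for every [host] entry, reports its position in the fallback order when the mirror is plain HTTP, has skip_verify = true, or is granted push. The function names, finding labels and sample directory are assumptions constructed here from entries shown on this page, and the line-based parser covers only the hosts.toml subset shown here.

```shell
#!/bin/sh
# Added example: audit a containerd config_path tree (<dir>/<registry>/hosts.toml).
# Line-based parsing that covers only the hosts.toml subset shown on this page.

# audit_hosts_toml REGISTRY FILE
# Prints one tab-separated line per finding:
#   registry <TAB> position in fallback order <TAB> mirror URL <TAB> finding
audit_hosts_toml() {
  awk -v reg="$1" '
    function flush() {
      if (host == "") return
      order++                      # mirrors are tried in file order
      if (host ~ /^http:\/\//) print reg "\t" order "\t" host "\tPLAINTEXT_HTTP"
      if (no_verify)           print reg "\t" order "\t" host "\tTLS_VERIFY_DISABLED"
      if (can_push)            print reg "\t" order "\t" host "\tPUSH_VIA_MIRROR"
      host = ""; no_verify = 0; can_push = 0
    }
    /^[ \t]*#/ { next }            # skip TOML comment lines
    /^[ \t]*\[host\."[^"]+"\][ \t]*$/ {
      flush()                      # a new [host."URL"] table closes the previous one
      host = $0
      sub(/^[ \t]*\[host\."/, "", host)
      sub(/"\][ \t]*$/, "", host)
      next
    }
    host != "" && /^[ \t]*skip_verify[ \t]*=[ \t]*true/ { no_verify = 1 }
    host != "" && /^[ \t]*capabilities[ \t]*=.*"push"/  { can_push = 1 }
    END { flush() }
  ' "$2"
}

# audit_certs_d DIR
# DIR is the config_path directory, e.g. /etc/containerd/certs.d
audit_certs_d() {
  for f in "$1"/*/hosts.toml; do
    [ -f "$f" ] || continue
    audit_hosts_toml "$(basename "$(dirname "$f")")" "$f"
  done
}

# write_sample_certs_d DIR
# Constructed sample tree (hypothetical), built from mirror entries on this page.
write_sample_certs_d() {
  mkdir -p "$1/docker.io" "$1/registry.k8s.io"
  cat > "$1/docker.io/hosts.toml" <<'EOF'
server = "https://docker.io"

[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]

[host."http://hub-mirror.c.163.com"]
  capabilities = ["pull", "resolve"]

[host."https://mirror-bak.registry/us"]
  capabilities = ["pull"]
  skip_verify = true
EOF
  cat > "$1/registry.k8s.io/hosts.toml" <<'EOF'
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF
}

# Stand-alone run against the constructed sample; prints the three findings.
sample_dir="$(mktemp -d)"
write_sample_certs_d "$sample_dir"
audit_certs_d "$sample_dir"
rm -rf "$sample_dir"
```

On a node, call audit_certs_d /etc/containerd/certs.d; no output means none of the three conditions was found.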

4. Configure containerd registry mirrors

# Specify the directory that holds the mirror configuration files
vim /etc/containerd/config.toml
# Under [plugins."io.containerd.grpc.v1.cri".registry], add:
  config_path = "/etc/containerd/certs.d"
# Mirrors for Docker Hub
mkdir -p /etc/containerd/certs.d/docker.io
tee /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"

[host."https://dockerproxy.com"]
  capabilities = ["pull", "resolve"]
  
[host."https://docker.m.daocloud.io"]
  capabilities = ["pull", "resolve"]
  
[host."https://reg-mirror.qiniu.com"]
  capabilities = ["pull", "resolve"]
  
[host."https://registry.docker-cn.com"]
  capabilities = ["pull", "resolve"]
  
[host."http://hub-mirror.c.163.com"]
  capabilities = ["pull", "resolve"]
EOF

# Mirror for registry.k8s.io
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << EOF
server = "https://registry.k8s.io"

[host."https://k8s.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for docker.elastic.co
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << EOF
server = "https://docker.elastic.co"

[host."https://elastic.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for gcr.io
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << EOF
server = "https://gcr.io"

[host."https://gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for ghcr.io
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << EOF
server = "https://ghcr.io"

[host."https://ghcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for k8s.gcr.io
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << EOF
server = "https://k8s.gcr.io"

[host."https://k8s-gcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for mcr.microsoft.com
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << EOF
server = "https://mcr.microsoft.com"

[host."https://mcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for nvcr.io
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << EOF
server = "https://nvcr.io"

[host."https://nvcr.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for quay.io
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << EOF
server = "https://quay.io"

[host."https://quay.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for registry.jujucharms.com
mkdir -p /etc/containerd/certs.d/registry.jujucharms.com
tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << EOF
server = "https://registry.jujucharms.com"

[host."https://jujucharms.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

# Mirror for rocks.canonical.com
mkdir -p /etc/containerd/certs.d/rocks.canonical.com
tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << EOF
server = "https://rocks.canonical.com"

[host."https://rocks-canonical.m.daocloud.io"]
  capabilities = ["pull", "resolve", "push"]
EOF

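Note that, apart from the docker.io registry, every registry above uses a DaoCloud mirror. The DaoCloud mirrors do not support downloading every image; for the images they support, see the DaoCloud mirror support list.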


5. Configure a default mirror

$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── _default
    └── hosts.toml

$ cat /etc/containerd/certs.d/_default/hosts.toml
[host."https://registry.example.com"]
  capabilities = ["pull", "resolve"]

6. Verify mirror acceleration with nerdctl

ctr --debug=true i pull --hosts-dir=/etc/containerd/certs.d docker.io/library/ubuntu:20.04 
nerdctl --debug=true image pull docker.io/library/nginx:latest
nerdctl --debug=true image pull docker.io/library/ubuntu:20.04
nerdctl --debug=true image pull registry.k8s.io/sig-storage/csi-provisioner:v3.5.0

7. Configure mirrors for crictl (choose either this or step 4 above)

vim /etc/containerd/config.toml
# crictl calls containerd through the CRI interface and does not recognize the /etc/containerd/certs.d directory; this cannot coexist with config_path, so comment it out.
[plugins."io.containerd.grpc.v1.cri".registry]
#      config_path = "/etc/containerd/certs.d"
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
      # Add the following mirror endpoints
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.m.daocloud.io", "https://dockerproxy.com", "https://registry-1.docker.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
          endpoint = ["https://gcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
          endpoint = ["https://k8s-gcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."ghcr.io"]
          endpoint = ["https://ghcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
          endpoint = ["https://quay.m.daocloud.io"]      
# Restart containerd to apply the change
systemctl daemon-reload && systemctl restart containerd

8. Test crictl mirror acceleration

# Pull images
crictl --debug=true pull docker.io/library/ubuntu:20.04 
ctr --debug=true i pull docker.io/library/ubuntu:20.04 