Containerd配置私有Harbor镜像仓库
现在K8s集群大多少都是使用containerd来跑,相比之前的docker,确实拉取推送镜像略微麻烦了点.
# 1. 配置containerd认证Harbor,本地harbor使用的http方式
[root@master01 containerd]# cat /etc/containerd/config.toml
version = 2
root = "/data/containerd"
state = "/run/containerd"
oom_score = -999
[grpc]
max_recv_message_size = 16777216
max_send_message_size = 16777216
[debug]
level = "info"
[metrics]
address = ""
grpc_histogram = false
[plugins]
[plugins."io.containerd.grpc.v1.cri"]
sandbox_image = "registry.custom.local:12480/kubeadm-ha/pause:3.7"
max_container_log_line_size = -1
[plugins."io.containerd.grpc.v1.cri".containerd]
default_runtime_name = "runc"
snapshotter = "overlayfs"
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes]
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
runtime_engine = ""
runtime_root = ""
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
SystemdCgroup = true
[plugins."io.containerd.grpc.v1.cri".registry]
#######################################新增#######################################
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.20.58.50:5000"]
endpoint = ["http://10.20.58.50:5000"] # Harbor-1
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.custom.local:12480"]
endpoint = ["http://registry.custom.local:12480"] # Harbor-2
[plugins."io.containerd.grpc.v1.cri".registry.configs."10.20.58.50:5000".tls]
insecure_skip_verify = true # 跳过证书认证
[plugins."io.containerd.grpc.v1.cri".registry.configs."10.20.58.50:5000".auth]
username = "admin" # Harbor的账号密码
password = "Harbor12345"
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.custom.local:12480".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.custom.local:12480".auth]
username = "admin"
password = "Harbor12345"
##############################################################################
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# 2.重启containerd
[root@master01 containerd]# systemctl restart containerd
# 配置多个私有镜像仓库如上
1
2
2
# 3. 拉取镜像
[root@node06 ~]# crictl pull registry.custom.local:12480/kubeadm-ha/etcd:3.5.6-0
Image is up to date for sha256:fce326961ae2d51a5f726883fd59d2a8c2ccc3e45d3bb859882db58e422e59e7
1
2
2
上次更新: 2025/04/25, 03:40:17