Containerd Mirrors 加速

Containerd Mirrors

Posted by BlueFat on Monday, November 23, 2020

containerd 使用https://docker.mirrors.ustc.edu.cn加速 抽风403

FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io: 403 Forbidden 


curl -X GET -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json"  https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty</center>
</body>
</html>

DaoCloud Mirrors Github

vim /etc/containerd/config.toml

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
            endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
            endpoint = ["gcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
            endpoint = ["k8s-gcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
            endpoint = ["quay.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
            endpoint = ["k8s.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.elastic.co"]
            endpoint = ["elastic.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.sundayhk.com"]
            endpoint = ["https://harbor.sundayhk.com"]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com"]
          [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
            insecure_skip_verify = true
          [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
            username = "admin"
            password = "Harbor12345"

containerd systemd 默认设置了KillMode=process,重启不会杀死运行的容器

systemctl daemon-reload
systemctl restart containerd

crictl info | grep -A5 mirrors
      "mirrors": {
        "docker.io": {
          "endpoint": [
            "https://docker.m.daocloud.io",
            "http://hub-mirror.c.163.com"
          ]

注意:这个配置文件是给crictl和kubelet使用,ctr是不可以用这个配置文件的,ctr 不使用 CRI,因此它不读取plugins."io.containerd.grpc.v1.cri"配置。

如果你使用ctr或者nerdctl,是不会读取/etc/containerd/config.toml的配置如mirros,私有仓库。

nerdctl tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
# ctr -n k8s.io images tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
ctr -n k8s.io images push harbor.sundayhk.com/xlp/busybox:1.28 --skip-verify --user admin:Harbor12345

# 注意可能会出现 ctr: content digest sha256:xxxxxx  not found,解决办法,下载完整的
ctr image pull --all-platforms docker.io/library/redis:alpine

# crictl则会读取/etc/containerd/config.toml
crictl pull harbor.sundayhk.com/xlp/busybox:1.28

Harbor 和Containerd的最佳实栈

【云原生】Containerd ctr 和 crictl 客户端命令介绍与实战操作(nerdctl )