containerd docker

Containerd Mirrors 加速

Containerd Mirrors

Posted by BlueFat on Monday, November 23, 2020

containerd 使用https://docker.mirrors.ustc.edu.cn加速 抽风403

FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io: 403 Forbidden 


curl -X GET -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json"  https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io

<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty</center>
</body>
</html>

DaoCloud Mirrors Github

vim /etc/containerd/config.toml

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
            endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
            endpoint = ["gcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
            endpoint = ["k8s-gcr.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
            endpoint = ["quay.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
            endpoint = ["k8s.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.elastic.co"]
            endpoint = ["elastic.m.daocloud.io"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.sundayhk.com"]
            endpoint = ["https://harbor.sundayhk.com"]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com"]
          [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
            insecure_skip_verify = true
          [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
            username = "admin"
            password = "Harbor12345"

containerd systemd 默认设置了KillMode=process,重启不会杀死运行的容器

systemctl daemon-reload
systemctl restart containerd

crictl info | grep -A5 mirrors
      "mirrors": {
        "docker.io": {
          "endpoint": [
            "https://docker.m.daocloud.io",
            "http://hub-mirror.c.163.com"
          ]

注意:这个配置文件是给crictl和kubelet使用,ctr是不可以用这个配置文件的,ctr 不使用 CRI,因此它不读取plugins."io.containerd.grpc.v1.cri"配置。

如果你使用ctr或者nerdctl,是不会读取/etc/containerd/config.toml的配置如mirros,私有仓库。

nerdctl tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
# ctr -n k8s.io images tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
ctr -n k8s.io images push harbor.sundayhk.com/xlp/busybox:1.28 --skip-verify --user admin:Harbor12345

# 注意可能会出现 ctr: content digest sha256:xxxxxx  not found,解决办法,下载完整的
ctr image pull --all-platforms docker.io/library/redis:alpine

# crictl则会读取/etc/containerd/config.toml
crictl pull harbor.sundayhk.com/xlp/busybox:1.28

Harbor 和Containerd的最佳实栈

【云原生】Containerd ctr 和 crictl 客户端命令介绍与实战操作(nerdctl )

CATALOG
    FEATURED TAGS
    ansible bash calico containerd docker firewalld flannel grpc https iptables keepalived kernel kubernetes linux lvs mysql network nginx prometheus python rabbitmq rocketmq shell sort ssh tcp tcpdump ubuntu ufw 性能 排序 正则表达式 算法 递归 闭包
    FRIENDS