containerd: pulls through the https://docker.mirrors.ustc.edu.cn mirror intermittently fail with 403
FATA[0038] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "docker.io/library/nginx:alpine": failed to copy: httpReadSeeker: failed open: unexpected status code https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io: 403 Forbidden
curl -X GET -H "Accept: application/vnd.docker.distribution.manifest.list.v2+json" "https://docker.mirrors.ustc.edu.cn/v2/library/busybox/blobs/sha256:8c811b4aec35f259572d0f79207bc0678df4c736eeec50bc9fec37ed936a472a?ns=docker.io"
<html>
<head><title>403 Forbidden</title></head>
<body>
<center><h1>403 Forbidden</h1></center>
<hr><center>openresty</center>
</body>
</html>
vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
    endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
    endpoint = ["gcr.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
    endpoint = ["k8s-gcr.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
    endpoint = ["quay.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.k8s.io"]
    endpoint = ["k8s.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.elastic.co"]
    endpoint = ["elastic.m.daocloud.io"]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.sundayhk.com"]
    endpoint = ["https://harbor.sundayhk.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
  [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com"]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
      username = "admin"
      password = "Harbor12345"
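The registry section above carries three settings worth reviewing before the file is rolled out to nodes: an http:// mirror endpoint, insecure_skip_verify = true, and a password stored in the file. The check below is an added example, not part of the original post; it is a line-based scan of the table layout shown here rather than a full TOML parser, and the function name audit and the sample text are constructed for illustration.

```python
import re

# Constructed sample: a trimmed copy of the registry section shown above.
SAMPLE = '''
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://docker.m.daocloud.io","http://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.sundayhk.com".auth]
username = "admin"
password = "Harbor12345"
'''

TABLE = re.compile(r'^\[(.+)\]$')
REGISTRY = re.compile(r'\.registry\.(mirrors|configs)\."([^"]+)"(?:\.(\w+))?$')
KEYVAL = re.compile(r'^(\w+)\s*=\s*(.+)$')

def audit(text):
    """Return (registry, finding) pairs for weak CRI registry settings."""
    findings, kind, host, sub = [], None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = TABLE.match(line)
        if m:  # table header: remember which registry and sub-table we are in
            r = REGISTRY.search(m.group(1))
            kind, host, sub = r.groups() if r else (None, None, None)
            continue
        kv = KEYVAL.match(line)
        if not kv or host is None:
            continue
        key, value = kv.groups()
        if kind == 'mirrors' and key == 'endpoint':
            for url in re.findall(r'"([^"]+)"', value):
                if url.startswith('http://'):
                    findings.append((host, f'plaintext HTTP mirror {url}'))
        elif sub == 'tls' and key == 'insecure_skip_verify' and value.startswith('true'):
            findings.append((host, 'TLS certificate verification disabled'))
        elif sub == 'auth' and key in ('password', 'auth', 'identitytoken'):
            findings.append((host, f'credential "{key}" stored in config file'))
    return findings

if __name__ == '__main__':
    for host, finding in audit(SAMPLE):
        print(f'{host}: {finding}')
```

To check a real node, pass the contents of /etc/containerd/config.toml to audit() instead of SAMPLE.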
The containerd systemd unit sets KillMode=process by default, so restarting it does not kill running containers.
systemctl daemon-reload
systemctl restart containerd
crictl info | grep -A5 mirrors
"mirrors": {
"docker.io": {
"endpoint": [
"https://docker.m.daocloud.io",
"http://hub-mirror.c.163.com"
]
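Note: this configuration is used by crictl and kubelet. ctr cannot use it: ctr does not go through CRI, so it does not read the plugins."io.containerd.grpc.v1.cri" settings.
If you use ctr or nerdctl, settings in /etc/containerd/config.toml such as mirrors and private registries are not read.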
nerdctl tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
# ctr -n k8s.io images tag docker.io/library/busybox:1.28 harbor.sundayhk.com/xlp/busybox:1.28
ctr -n k8s.io images push harbor.sundayhk.com/xlp/busybox:1.28 --skip-verify --user admin:Harbor12345
# Note: you may hit "ctr: content digest sha256:xxxxxx not found"; the fix is to pull the complete image
ctr image pull --all-platforms docker.io/library/redis:alpine
# crictl, on the other hand, does read /etc/containerd/config.toml
crictl pull harbor.sundayhk.com/xlp/busybox:1.28
[Cloud Native] Containerd ctr and crictl client commands: introduction and hands-on usage (nerdctl)