我的版本是kubernetes V1.20.1 容器用的是containerd而不是Docker。现在我无法从我的私有仓库(Harbor)中拉取Docker镜像。
我已经把/etc/containerd/config.toml改成如下配置。
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.foo.com"]
endpoint = ["https://registry.foo.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.foo.com"]
[plugins."io.containerd.grpc.v1.cri".registry.configs."registry.foo.com".auth]
username = "admin"
password = "Harbor12345"
但这并不奏效。拉动失败了,错误信息如下。
Failed to pull image "registry.foo.com/library/myimage:latest": rpc error: code = Unknown
desc = failed to pull and unpack image "registry.foo.com/library/myimage:latest": failed to
resolve reference "registry.foo.com/library/myimage:latest": unexpected status code
[manifests latest]: 401 Unauthorized
我的Harbor注册表可通过HTTPS使用Let's Encrypt证书。所以https在这里应该不是问题。
即使我尝试创建一个docker-secret,也没有成功。
kubectl create secret docker-registry registry.foo.com --docker-server=https://registry.foo.com --docker-username=admin --docker-password=Harbor12345 --docker-email=info@foo.com
谁能给我一个例子,如何在Kubernetes中用containerd配置私有仓库?
在
pod/deployment中设置imagePullSecrets。apiVersion: v1 kind: Pod metadata: name: private-reg spec: containers: - name: private-reg-container image: <your-private-image> imagePullSecrets: - name: registry感谢,可以用,我在对应的namespace中创建了
secret之后成功了。大佬,请问那边containerd用哪个版本?
我在使用1.3.10版本中,导入本地镜像失败。命令如下:
ctr image -n=k8s.io import pause-v3.2.tar
你的答案