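Overview
In day-to-day container work, a private registry is normally used for security and convenience, and Harbor is the usual choice. Pointing Docker at a Harbor registry is very simple, so how does containerd connect to Harbor?
On an internal network, as a matter of personal habit, Harbor is usually served over plain HTTP rather than HTTPS and accessed directly by IP address, as follows:
The Harbor registry address is http://192.168.10.250:80. How does containerd push or pull images?
Configuration
Generate the configuration file
If a configuration file was generated earlier, skip this step; running the command again overwrites it.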
[root@kube-master ~]# mkdir -p /etc/containerd/
[root@kube-master ~]# containerd config default > /etc/containerd/config.toml
Modify the configuration
The section to change starts at roughly line 140.
[root@kube-master ~]# vim /etc/containerd/config.toml
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = "/etc/containerd/certs.d"  # change this line
Create the directory and add the configuration
# the directory above + the Harbor registry address
[root@kube-master ~]# mkdir -p /etc/containerd/certs.d/192.168.10.250:80
# write the Harbor configuration
[root@kube-master ~]# vim /etc/containerd/certs.d/192.168.10.250\:80/hosts.toml
server = "http://192.168.10.250:80"
[host."http://192.168.10.250:80"]
capabilities = ["pull", "resolve", "push"]
skip_verify = true
Restart the service
[root@kube-master ~]# systemctl restart containerd
Verify push and pull
Prepare an image
First, pull an image from the network.
[root@kube-master ~]# nerdctl pull ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest
[root@kube-master ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
mynginx v1 786482a9a8cf 4 hours ago linux/amd64 149.1 MiB 54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b 4 hours ago linux/amd64 149.1 MiB 54.1 MiB
Tag the image
[root@kube-master ~]# nerdctl tag ustc-edu-cn.mirror.aliyuncs.com/library/nginx:latest 192.168.10.250/library/nginx:latest
[root@kube-master ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
192.168.10.250/library/nginx latest 0d17b565c37b 12 seconds ago linux/amd64 149.1 MiB 54.1 MiB
mynginx v1 786482a9a8cf 4 hours ago linux/amd64 149.1 MiB 54.1 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b 5 hours ago linux/amd64 149.1 MiB 54.1 MiB
Log in to Harbor
[root@kube-master ~]# nerdctl login 192.168.10.250
Enter Username: admin
Enter Password:
WARN[0004] skipping verifying HTTPS certs for "192.168.10.250"
WARNING: Your password will be stored unencrypted in /root/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store
Login Succeeded
Push the image
Push to the Harbor registry
[root@kube-master ~]# nerdctl push 192.168.10.250/library/nginx:latest
INFO[0000] pushing as a reduced-platform image (application/vnd.docker.distribution.manifest.list.v2+json, sha256:b33f0d57636f392150918b206b91f32ab4d0a56cdba9e1b58acae3ea176fdffc)
WARN[0000] skipping verifying HTTPS certs for "192.168.10.250"
index-sha256:b33f0d57636f392150918b206b91f32ab4d0a56cdba9e1b58acae3ea176fdffc: waiting |--------------------------------------|
manifest-sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3: waiting |--------------------------------------|
config-sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85: waiting |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
WARN[0000] server "192.168.10.250" does not seem to support HTTPS, falling back to plain HTTP error="failed to do request: Head \"https://192.168.10.250/v2/library/nginx/blobs/sha256:b4df32aa5a72e2a4316aad3414508ccd907d87b4ad177abd7cbd62fa4dab2a2f\": dial tcp 192.168.10.250:443: connect: connection refused"
index-sha256:b33f0d57636f392150918b206b91f32ab4d0a56cdba9e1b58acae3ea176fdffc: waiting |--------------------------------------|
manifest-sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3: waiting |--------------------------------------|
config-sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85: waiting |--------------------------------------|
elapsed: 1.3 s
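The push has completed. There is a minor warning partway through, which does not affect use.
View the image in the Harbor registry
The image has been uploaded to the Harbor registry.
Delete the local image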
[root@kube-master ~]# nerdctl rmi 192.168.10.250/library/nginx:latest
Untagged: 192.168.10.250/library/nginx:latest@sha256:0d17b565c37bcbd895e9d92315a05c1c3c9a29f762b011a10c54a66cd53c9b31
Deleted: sha256:2edcec3590a4ec7f40cf0743c15d78fb39d8326bc029073b41ef9727da6c851f
Deleted: sha256:e379e8aedd4d72bb4c529a4ca07a4e4d230b5a1d3f7a61bc80179e8f02421ad8
Deleted: sha256:b8d6e692a25e11b0d32c5c3dd544b71b1085ddc1fddad08e68cbd7fda7f70221
Deleted: sha256:f1db227348d0a5e0b99b15a096d930d1a69db7474a1847acbc31f05e4ef8df8c
Deleted: sha256:32ce5f6a5106cc637d09a98289782edf47c32cb082dc475dd47cbf19a4f866da
Deleted: sha256:d874fd2bc83bb3322b566df739681fbd2248c58d3369cb25908d68e7ed6040a6
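Start a container
There is currently no local copy of the image, so start the container directly with nerdctl run. When the image is not present locally, it is pulled from Harbor.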
[root@kube-master ~]# nerdctl run --name ngx -d -p 80:80 192.168.10.250/library/nginx:latest
WARN[0000] skipping verifying HTTPS certs for "192.168.10.250"
INFO[0000] trying next host error="failed to do request: Head \"https://192.168.10.250/v2/library/nginx/manifests/latest\": dial tcp 192.168.10.250:443: connect: connection refused" host=192.168.10.250
WARN[0000] server "192.168.10.250" does not seem to support HTTPS, falling back to plain HTTP error="failed to resolve reference \"192.168.10.250/library/nginx:latest\": failed to do request: Head \"https://192.168.10.250/v2/library/nginx/manifests/latest\": dial tcp 192.168.10.250:443: connect: connection refused"
192.168.10.250/library/nginx:latest: resolving |--------------------------------------|
elapsed: 0.1 s total: 0.0 B (0.0 B/s)
192.168.10.250/library/nginx:latest: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:b33f0d57636f392150918b206b91f32ab4d0a56cdba9e1b58acae3ea176fdffc: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:ee89b00528ff4f02f2405e4ee221743ebc3f8e8dd0bfd5c4c20a2fa2aaa7ede3: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:605c77e624ddb75e6110f997c58876baa13f8754486b461117934b24a9dc3a85: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 0.2 s total: 0.0 B (0.0 B/s)
1461f0b94382f3a67f779f102b75b77066ec88acdb32b5c885805310131bcd1c
[root@kube-master ~]# nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1461f0b94382 192.168.10.250/library/nginx:latest "/docker-entrypoint.…" 7 seconds ago Up 0.0.0.0:80->80/tcp ngx
Verify
[root@kube-master ~]# curl -I localhost
HTTP/1.1 200 OK
Server: nginx/1.21.5
Date: Mon, 24 Jun 2024 06:30:14 GMT
Content-Type: text/html
Content-Length: 615
Last-Modified: Tue, 28 Dec 2021 15:28:38 GMT
Connection: keep-alive
ETag: "61cb2d26-267"
Accept-Ranges: bytes
OK, nginx started successfully.
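Configure a registry mirror
Why did the test above use the ustc-edu-cn.mirror.aliyuncs.com registry rather than the default one? The reason is simple: for certain reasons docker.io cannot be reached from mainland China. Below, a domestic mirror is configured for docker.io as follows: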
[root@kube-master ~]# mkdir -p /etc/containerd/certs.d/docker.io
[root@kube-master ~]# vim /etc/containerd/certs.d/docker.io/hosts.toml
server = "https://docker.io"
[host."https://5sssm2l6.mirror.aliyuncs.com"] # register with Alibaba Cloud to see your personal mirror address
Restart the service
[root@kube-master ~]# systemctl restart containerd
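An added example (not from the original post) covering both the Harbor hosts.toml and the docker.io mirror hosts.toml above: it shows which certs.d directory is looked up for an image reference and flags any hosts.toml that uses plain HTTP or skip_verify. The lookup order (host_port_, host:port, _default) is containerd's hosts-directory behaviour as understood here and should be confirmed against your version; the function names and the sample tree, including mirror.example.invalid, are constructed for illustration.

```shell
# Print the certs.d directory names tried for an image reference, in order.
# References without a registry host (e.g. nginx:alpine) resolve to docker.io.
hosts_dirs_for_ref() {
    case $1 in */*) host=${1%%/*} ;; *) host=docker.io ;; esac
    case $host in *.*|*:*|localhost) ;; *) host=docker.io ;; esac
    case $host in
        *:*) printf '%s\n' "${host%:*}_${host##*:}_" "$host" ;;
        *)   printf '%s\n' "$host" ;;
    esac
    printf '%s\n' "_default"
}

# Report weak transport settings in every <root>/<namespace>/hosts.toml.
# Prints "<namespace>: <finding>" per line; returns 1 if anything was found.
audit_certs_d() {
    root=$1; found=0
    for f in "$root"/*/hosts.toml; do
        [ -f "$f" ] || continue
        ns=$(basename "$(dirname "$f")")
        if grep -Eq '^[[:space:]]*(server[[:space:]]*=[[:space:]]*|\[host\.)"http://' "$f"; then
            echo "$ns: plaintext http endpoint"; found=1
        fi
        if grep -Eq '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' "$f"; then
            echo "$ns: skip_verify = true"; found=1
        fi
    done
    return $found
}

# Constructed sample tree: the Harbor file from this post plus an HTTPS mirror.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/192.168.10.250:80" "$d/docker.io"
    printf '%s\n' 'server = "http://192.168.10.250:80"' \
        '[host."http://192.168.10.250:80"]' \
        'capabilities = ["pull", "resolve", "push"]' \
        'skip_verify = true' > "$d/192.168.10.250:80/hosts.toml"
    printf '%s\n' 'server = "https://docker.io"' \
        '[host."https://mirror.example.invalid"]' \
        'capabilities = ["pull", "resolve"]' > "$d/docker.io/hosts.toml"
    echo "$d"
}

tree=$(make_sample_tree)
audit_certs_d "$tree" || true
hosts_dirs_for_ref "192.168.10.250/library/nginx:latest"
rm -rf "$tree"
```

For references written as 192.168.10.250/library/nginx:latest, the first directory consulted is 192.168.10.250, so a hosts.toml stored under 192.168.10.250:80 applies only to references that include the :80 port. Run audit_certs_d /etc/containerd/certs.d on a node to list the registries whose traffic is unencrypted or unverified.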
Test pulling an image
[root@kube-master containerd]# nerdctl pull nginx:alpine
WARN[0000] skipping verifying HTTPS certs for "docker.io"
docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++|
index-sha256:eb05700fe7baa6890b74278e39b66b2ed1326831f9ec3ed4bdc6361a4ac2f333: done |++++++++++++++++++++++++++++++++++++++|
manifest-sha256:544ba2bfe312bf2b13278495347bb9381ec342e630bcc8929af124f1291784bb: done |++++++++++++++++++++++++++++++++++++++|
config-sha256:cc44224bfe208a46fbc45471e8f9416f66b75d6307573e29634e7f42e27a9268: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:40e5d2fe5bcd566dbde3e961f33ced0f1503fc6ee320a427b185a07afe2f96ae: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:59bf1c3509f33515622619af21ed55bbe26d24913cedbca106468a5fb37a50c3: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:f3322597df46099a66ed5773c10a9d1cb587faca7be14ceba985e3d1fbfdbc36: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:d09cf91cabdcf5f64672598b8e4da9b0b7d8546e83ec49633bdd92abb994ba61: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:3a97535ac2efcf94ab3e5f93a6ec4d934469de66909f17ba1229f86ee660970a: done |++++++++++++++++++++++++++++++++++++++|
layer-sha256:919ade35f869e23d663ea51fdf2e99aa183239a73b4b4780e052c8b248ed5b7e: done |++++++++++++++++++++++++++++++++++++++|
elapsed: 20.1s total: 9.7 Mi (494.7 KiB/s)
[root@kube-master ~]# nerdctl images
REPOSITORY TAG IMAGE ID CREATED PLATFORM SIZE BLOB SIZE
192.168.10.250/library/nginx latest b33f0d57636f About an hour ago linux/amd64 149.1 MiB 54.1 MiB
mynginx v1 786482a9a8cf 6 hours ago linux/amd64 149.1 MiB 54.1 MiB
nginx alpine eb05700fe7ba 4 minutes ago linux/amd64 26.4 MiB 9.7 MiB
ustc-edu-cn.mirror.aliyuncs.com/library/nginx latest 0d17b565c37b 6 hours ago linux/amd64 149.1 MiB 54.1 MiB
For more on containerd, see the blog home page. Mistakes are hard to avoid when writing; corrections are welcome.