前言
接前面的环境
K8S 1.24以后开始启用docker作为CRI,这里用containerd拉取
参考文档
正文
vim /etc/containerd/config.toml
#修改内容如下
#sandbox_image = "registry.aliyuncs.com/google_containers/pause:3.10"
systemd_cgroup = true
[plugins."io.containerd.grpc.v1.cri".registry.configs]
# 内部私有仓库认证信息
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.86.100".tls]
insecure_skip_verify = true # 是否跳过证书认证
#ca_file = "/etc/containerd/192.168.86.100/ca.pem" # CA 证书
#cert_file = "/etc/containerd/192.168.86.100/weiheng-basic-sevice.pem" # harbor证书
#key_file = "/etc/containerd/192.168.86.100/weiheng-basic-sevice.key" # harbor私钥
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.86.100".auth]
username = "admin"
password = "Harbor12345"
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
# 内部私有仓库配置
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.86.100"]
endpoint = ["http://192.168.86.100:80"]
# 如下这些仓库可以作为公共仓库使用
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
endpoint = ["https://gcr.mirrors.ustc.edu.cn"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
endpoint = ["https://gcr.mirrors.ustc.edu.cn/google-containers/"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
endpoint = ["https://quay.mirrors.ustc.edu.cn"]
#重启一下containerd
systemctl daemon-reload && systemctl restart containerd.service
测试
从下图可以看到,我这边没有安装docker,containerd拉取镜像创建pod成功了