k8s搭配containerd：如何从harbor私有仓库pull镜像

k8s搭配containerd：如何从harbor私有仓库pull镜像

containerd 实现了 kubernetes 的 Container Runtime Interface (CRI) 接口，提供容器运行时核心功能，如镜像管理、容器管理等，相比 dockerd 更加简单、健壮和可移植。
从docker过度还是需要一点时间慢慢习惯的，今天来探讨containerd 如何从私有仓库harbor下载镜像！
containerd 不能像docker一样 docker login harbor.example.com 登录到镜像仓库。无法从harbor拉取到镜像。
解决办法：
更改containerd 的config.toml文件
可通过命令：containerd config default> /etc/containerd/config.toml 生成默认配置文件！
文件路径：

[root@k8s02 containerd]# pwd
/etc/containerd
[root@k8s02 containerd]# ls
config.toml  config.toml.rpmnew
[root@k8s02 containerd]# 

添加如下内容：

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.creditgogogo.com"]
      endpoint = ["https://harbor.creditgogogo.com"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.creditgogogo.com".tls]
      insecure_skip_verify = true
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.creditgogogo.com".auth]
      username = "admin"
      password = "Harbor12345"

完整内容如下：

[root@k8s02 containerd]# cat config.toml
version = 2
root = "/data/k8s/containerd/root"
state = "/data/k8s/containerd/state"

[plugins]
  [plugins."io.containerd.grpc.v1.cri"]
    sandbox_image = "registry.cn-beijing.aliyuncs.com/images_k8s/pause-amd64:3.1"
    [plugins."io.containerd.grpc.v1.cri".cni]
      bin_dir = "/opt/k8s/bin"
      conf_dir = "/etc/cni/net.d"
    [plugins."io.containerd.grpc.v1.cri".registry]
      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.creditgogogo.com"]
          endpoint = ["https://harbor.creditgogogo.com"]
      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.creditgogogo.com".tls]
          insecure_skip_verify = true
        [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.creditgogogo.com".auth]
          username = "admin"
          password = "Harbor12345"
  [plugins."io.containerd.runtime.v1.linux"]
    shim = "containerd-shim"
    runtime = "runc"
    runtime_root = ""
    no_shim = false
    shim_debug = false

修改完之后重启containerd服务

systemctl status containerd.service

最后查看pod 状态，已成功拉取到harbor镜像！
kubectl describe pod rabbitmq-0

[root@k8s01 containerd]# kubectl get pod -o wide
Events:
  Type     Reason     Age                From               Message
  ----     ------     ----               ----               -------
  Normal   Scheduled  27m                default-scheduler  Successfully assigned default/rabbitmq-0 to k8s01
  Normal   Pulling    27m (x2 over 27m)  kubelet, k8s01     Pulling image "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8"
  Warning  Failed     27m (x2 over 27m)  kubelet, k8s01     Failed to pull image "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8": rpc error: code = Unknown desc = failed to pull and unpack image "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8:latest": failed to resolve reference "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8:latest": failed to do request: Head https://harbor.creditgogogo.com/v2/ops/centos7.5-erlang-rabbitmq2.8/manifests/latest: x509: certificate signed by unknown authority
  Warning  Failed     27m (x2 over 27m)  kubelet, k8s01     Error: ErrImagePull
  Normal   BackOff    27m (x3 over 27m)  kubelet, k8s01     Back-off pulling image "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8"
  Warning  Failed     27m (x3 over 27m)  kubelet, k8s01     Error: ImagePullBackOff
  Normal   Pulling    26m                kubelet, k8s01     Pulling image "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8"
  Normal   Pulled     26m                kubelet, k8s01     Successfully pulled image "harbor.creditgogogo.com/ops/centos7.5-erlang-rabbitmq2.8"
  Normal   Created    26m                kubelet, k8s01     Created container rabbitmq
  Normal   Started    26m                kubelet, k8s01     Started container rabbitmq

参考连接：https://www.jianshu.com/p/aa0f49ad614f
参考连接：https://blog.csdn.net/laomeng2019/article/details/90300866