Deploying Kubernetes with RKE2 (Part 3): Configuring a Local Harbor Private Image Registry on Agent (Worker) Nodes

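Contents

    • 1. Configure the local image registry address
    • 2. Restart rke2-agent.service
    • 3. Usage example
    • 4. More
      • 4.1 If the local image registry uses https and uses TLS, configure it as follows:
      • 4.2 If the local image registry uses https and does not use TLS, configure it as follows: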

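A Harbor image registry has been set up locally, served over http (https is not enabled).

All of the following steps are performed on the agent node.

1. Configure the local image registry address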

11:52 root@k8s-rke2-worker03:/etc/rancher/rke2 
$vim registries.yaml
11:52 root@k8s-rke2-worker03:/etc/rancher/rke2 
$cat registries.yaml
mirrors:
  docker.io:
    endpoint:
      - "http://10.10.0.95:8080"
configs:
  "10.10.0.95:8080":
    auth:
      username: admin
      password: Harbor123456
11:53 root@k8s-rke2-node01:/etc/rancher/rke2
$

2. Restart rke2-agent.service

11:54 root@k8s-rke2-node01:~
$ systemctl restart rke2-agent.service

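Note: after rke2-agent.service is restarted, the configuration is synchronized into /var/lib/rancher/rke2/agent/etc/containerd/config.toml and takes effect.

3. Usage example

Note: images are pulled using the configured mirror name; the configuration file above uses docker.io as the name.
For example, with the image address http://10.10.0.95:8080/ponycloud/frontend:20230810:
Previously, with Docker, you had to configure /etc/docker/daemon.json and then pull with docker pull 10.10.0.95:8080/ponycloud/frontend:20230810.

Pulling from the private image registry with containerd works as follows: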

# Pull using containerd
11:36 root@k8s-rke2-node01:~
$crictl pull docker.io/ponycloud/frontend:20230810
Image is up to date for sha256:e8ed12a6bb4604907c42159206af53194e32869409833f938f70c816d846bd27
11:41 root@k8s-rke2-node01:~ 
$crictl images
IMAGE                                                                                        TAG                                        IMAGE ID            SIZE
10.10.0.95:8080/ponycloud/frontend                                                           20230810                                   e8ed12a6bb460       65.5MB
11:42 root@k8s-rke2-node01:~
$

4. More

4.1 If the local image registry uses https and uses TLS, configure it as follows:

Configure /etc/rancher/rke2/registries.yaml

With authentication:

mirrors:
  docker.io:
    endpoint:
      - "https://registry.example.com:5000"
configs:
  "registry.example.com:5000":
    auth:
      username: xxxxxx # this is the registry username
      password: xxxxxx # this is the registry password
    tls:
      cert_file:            # path to the cert file used to authenticate to the registry
      key_file:             # path to the key file for the certificate used to authenticate to the registry
      ca_file:              # path to the ca file used to verify the registry's certificate
      insecure_skip_verify: # may be set to true to skip verifying the registry's certificate

Without authentication:

mirrors:
  docker.io:
    endpoint:
      - "https://registry.example.com:5000"
configs:
  "registry.example.com:5000":
    tls:
      cert_file:            # path to the cert file used to authenticate to the registry
      key_file:             # path to the key file for the certificate used to authenticate to the registry
      ca_file:              # path to the ca file used to verify the registry's certificate
      insecure_skip_verify: # may be set to true to skip verifying the registry's certificate

4.2 If the local image registry uses https and does not use TLS, configure it as follows:

Configure /etc/rancher/rke2/registries.yaml

With authentication:

mirrors:
  docker.io:
    endpoint:
      - "https://registry.example.com:5000"
configs:
  "registry.example.com:5000":
    auth:
      username: xxxxxx # this is the registry username
      password: xxxxxx # this is the registry password

Without authentication:

mirrors:
  docker.io:
    endpoint:
      - "https://registry.example.com:5000"
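
The check below is an added example, not part of the original article or of RKE2: it reads a registries.yaml and reports the settings from sections 1 and 4.1 that weaken registry trust (an http:// endpoint, a password configured for a host reached over http, insecure_skip_verify: true), plus a file mode that lets other users read the stored password. The function and finding names are hypothetical, GNU stat is assumed, and the sample file is constructed.

```shell
# Added example: audit an RKE2 registries.yaml for weak registry settings.
# Assumes GNU stat and the page's layout (registry hosts as keys under "configs:").
audit_registries() {
    f=$1
    [ -r "$f" ] || { echo "UNREADABLE $f"; return 2; }
    # The file can hold a registry password, so group/other need no access.
    mode=$(stat -c '%a' "$f")
    case $mode in
        *00|0) perms="" ;;
        *) perms="FILE_MODE $mode (expected 600)" ;;
    esac
    findings=$( { [ -n "$perms" ] && echo "$perms"; awk '
        { sub(/^[ \t]*#.*$/, ""); sub(/[ \t]+#.*$/, "") }    # drop comments
        match($0, /http:\/\/[^" \t]+/) {                       # non-TLS endpoint
            h = substr($0, RSTART + 7, RLENGTH - 7); sub(/\/.*/, "", h)
            plain[h] = 1; print "PLAINTEXT_ENDPOINT " h
        }
        /^configs:/ { in_cfg = 1; lvl = 0; next }
        /^[^ \t]/   { in_cfg = 0 }
        in_cfg && /^ +[^ ]/ {                                  # track current host key
            n = index($0, $1); if (!lvl) lvl = n
            if (n == lvl) { key = $1; sub(/:$/, "", key); gsub(/"/, "", key) }
        }
        in_cfg && /password:[ \t]*[^ \t]/ { pw[key] = 1 }
        in_cfg && /insecure_skip_verify:[ \t]*true/ { print "TLS_VERIFY_DISABLED " key }
        END { for (h in pw) if (h in plain) print "CLEARTEXT_CREDENTIALS " h }
    ' "$f"; } )
    [ -z "$findings" ] || { printf '%s\n' "$findings"; return 1; }
}

make_sample() {   # constructed sample: the http mirror from section 1 plus a skip-verify host
    cat > "$1" <<'EOF'
mirrors:
  docker.io:
    endpoint:
      - "http://10.10.0.95:8080"
configs:
  "10.10.0.95:8080":
    auth:
      username: admin
      password: example-password
  "registry.example.com:5000":
    tls:
      insecure_skip_verify: true
EOF
}
sample=$(mktemp); make_sample "$sample"; chmod 644 "$sample"
audit_registries "$sample" || echo "registries.yaml needs attention"
rm -f "$sample"
```

On a node, run audit_registries /etc/rancher/rke2/registries.yaml; it returns 0 with no output when none of these settings are present.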

References:

https://docs.rke2.io/zh/advanced#%E9%85%8D%E7%BD%AE-containerd

https://docs.rke2.io/zh/install/containerd_registry_configuration

https://github.com/containerd/cri/blob/release/1.2/docs/registry.md
