以下均在agent节点
操作
11:52 root@k8s-rke2-worker03:/etc/rancher/rke2
$vim registries.yaml
11:52 root@k8s-rke2-worker03:/etc/rancher/rke2
$cat registries.yaml
mirrors:
docker.io:
endpoint:
- "http://10.10.0.95:8080"
configs:
"10.10.0.95:8080":
auth:
username: admin
password: Harbor123456
11:53 root@k8s-rke2-node01:/etc/rancher/rke2
$
11:54 root@k8s-rke2-node01:~
$ systemctl restart rke2-agent.service
说明:重启rke2-agent.service服务后配置会同步到/var/lib/rancher/rke2/agent/etc/containerd/config.toml文件,并生效。
注意:配置的mirror名称,上面配置文件中名称用的docker.io
如镜像地址为:http://10.10.0.95:8080/ponycloud/frontend:20230810
之前docker需要配置/etc/docker/demon.json文件,然后docker pull http://10.10.0.95:8080/ponycloud/frontend:20230810拉取
Containerd 拉取私有镜像仓库如下
#使用containerd拉取
11:36 root@k8s-rke2-node01:~
$crictl pull docker.io/ponycloud/frontend:20230810
Image is up to date for sha256:e8ed12a6bb4604907c42159206af53194e32869409833f938f70c816d846bd27
11:41 root@k8s-rke2-node01:~
$crictl images
IMAGE TAG IMAGE ID SIZE
10.10.0.95:8080/ponycloud/frontend 20230810 e8ed12a6bb460 65.5MB
11:42 root@k8s-rke2-node01:~
$
配置 /etc/rancher/rke2/registries.yaml
。
具有身份验证:
mirrors:
docker.io:
endpoint:
- "https://registry.example.com:5000"
configs:
"registry.example.com:5000":
auth:
username: xxxxxx # this is the registry username
password: xxxxxx # this is the registry password
tls:
cert_file: # path to the cert file used to authenticate to the registry
key_file: # path to the key file for the certificate used to authenticate to the registry
ca_file: # path to the ca file used to verify the registry's certificate
insecure_skip_verify: # may be set to true to skip verifying the registry's certificate
没有身份验证:
mirrors:
docker.io:
endpoint:
- "https://registry.example.com:5000"
configs:
"registry.example.com:5000":
tls:
cert_file: # path to the cert file used to authenticate to the registry
key_file: # path to the key file for the certificate used to authenticate to the registry
ca_file: # path to the ca file used to verify the registry's certificate
insecure_skip_verify: # may be set to true to skip verifying the registry's certificate
配置 /etc/rancher/rke2/registries.yaml
。
具有身份验证:
mirrors:
docker.io:
endpoint:
- "https://registry.example.com:5000"
configs:
"registry.example.com:5000":
auth:
username: xxxxxx # this is the registry username
password: xxxxxx # this is the registry password
没有身份验证:
mirrors:
docker.io:
endpoint:
- "https://registry.example.com:5000"
参考:
https://docs.rke2.io/zh/advanced#%E9%85%8D%E7%BD%AE-containerd
https://docs.rke2.io/zh/install/containerd_registry_configuration
https://docs.rke2.io/zh/advanced#%E9%85%8D%E7%BD%AE-containerd
https://docs.rke2.io/zh/install/containerd_registry_configuration
https://github.com/containerd/cri/blob/release/1.2/docs/registry.md