Adding insecure registry in containerd
Problem description
Trying to add insecure registry to containerd config as below:
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
max_conf_num = 1
conf_template = ""
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
endpoint = ["http://v048011.dom600.lab:5000"]
Even after adding it to config.toml, when pulling image from the insecure registry, it fails:
sudo ctr image pull v048011.dom600.lab:5000:5000/myjenkins:latest
ctr: failed to resolve reference "v048011.dom600.lab:5000/myjenkins:latest": failed to do request: Head https://v048011.dom600.lab:5000:5000/v2/myjenkins/manifests/latest: http: server gave HTTP response to HTTPS client
In docker we could just add the insecure registry to daemon.json file and docker would pull images from it, how can I achieve the same in containerd? Replacing docker as runtime in k8s cluster.
Recommended answer
Adding the following config:
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
max_conf_num = 1
conf_template = ""
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
endpoint = ["http://v048011.dom600.lab:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."test.http-registry.io".tls]
insecure_skip_verify = true
should skip TLS verification for the test registry. See also the documentation on registry TLS communication configuration.
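A check for the two settings this answer relies on, as an added example that is not part of the original question or answer: it parses a containerd config.toml and reports registries reached over plain HTTP or with TLS verification disabled, so that such exceptions stay limited to test registries. The function name `audit`, the finding labels and the inline sample are assumptions made for this example.

```python
try:
    import tomllib  # standard library from Python 3.11
except ModuleNotFoundError:
    import tomli as tomllib  # same API on older interpreters

CRI = "io.containerd.grpc.v1.cri"

# Constructed sample: registry lines from this page, indented for readability,
# keeping the "[plugin." spelling used in the question.
SAMPLE = '''
[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://registry-1.docker.io"]
    [plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
      endpoint = ["http://v048011.dom600.lab:5000"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."test.http-registry.io".tls]
      insecure_skip_verify = true
'''


def audit(text):
    """Return sorted (kind, name, detail) findings for a containerd config."""
    doc = tomllib.loads(text)
    findings = []
    # The CRI settings live under "plugins"; a top-level "plugin" table is a
    # different key, so report it instead of treating it as valid config.
    if "plugin" in doc:
        findings.append(("misplaced-table", "plugin", 'expected "plugins"'))
    for root in ("plugins", "plugin"):
        registry = doc.get(root, {}).get(CRI, {}).get("registry", {})
        for host, mirror in registry.get("mirrors", {}).items():
            for endpoint in mirror.get("endpoint", []):
                if endpoint.lower().startswith("http://"):
                    findings.append(("plaintext-endpoint", host, endpoint))
        for host, cfg in registry.get("configs", {}).items():
            if cfg.get("tls", {}).get("insecure_skip_verify") is True:
                findings.append(("tls-verify-disabled", host, "insecure_skip_verify = true"))
    return sorted(findings)


if __name__ == "__main__":
    for kind, name, detail in audit(SAMPLE):
        print(f"{kind:20} {name:24} {detail}")
```

To audit a node, pass the contents of its containerd config file to `audit` in place of `SAMPLE`.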