Sharing and exchange
Cooperation for mutual benefit!

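Containerd image registry configuration parameters

Starting after Kubernetes v1.20, containerd is used as the cluster runtime in place of Docker. For usage, an introduction, and the source code of containerd, see its GitHub repository.

1. Error:

By default, after installing and deploying a newer version of k8s, you may hit the following error when pulling an image: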

Events:
  Type     Reason     Age               From               Message
  ----     ------     ----              ----               -------
  Normal   Scheduled  17s               default-scheduler  Successfully assigned default/web-terminal-6b4bbf9888-vghxn to worker5
  Normal   BackOff    17s               kubelet            Back-off pulling image "harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0"
  Warning  Failed     17s               kubelet            Error: ImagePullBackOff
  Normal   Pulling    4s (x2 over 17s)  kubelet            Pulling image "harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0"
  Warning  Failed     4s (x2 over 17s)  kubelet            Failed to pull image "harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0": rpc error: code = Unknown desc = failed to pull and unpack image "harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0": failed to resolve reference "harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0": failed to do request: Head "https://harbor.xxx.com/v2/cirrus/cirrus-terminal/main/manifests/1.2.0": x509: certificate signed by unknown authority
  Warning  Failed     4s (x2 over 17s)  kubelet            Error: ErrImagePull

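Solution:

Depending on the environment, you may need to configure the image registry parameters. Below is an example (see the official documentation).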

root@worker:/etc/containerd# tree
.
├── certs.d
│   ├── amaas.cec.lab.com:5074
│   │   ├── ca.crt
│   │   └── hosts.toml
│   └── harbor.xxx.com
│       ├── ca.crt
│       └── hosts.toml
└── config.toml

3 directories, 5 files
root@worker:/etc/containerd# cat config.toml
# /etc/containerd/config.toml
version = 2

[plugins."io.containerd.grpc.v1.cri".registry]
  config_path="/etc/containerd/certs.d"
root@worker:/etc/containerd# cat certs.d/amaas.cec.lab.com\:5074/hosts.toml
server = "amaas.cec.lab.com:5074"
[host."amaas.cec.lab.com:5074"]
  capabilities = ["pull", "resolve"]
  ca = "ca.crt"
root@worker:/etc/containerd#
root@worker:/etc/containerd# cat certs.d/harbor.xxx.com/hosts.toml
server = "https://harbor.xxx.com"
[host."https://harbor.xxx.com"]
  capabilities = ["pull", "resolve"]
  ca = "ca.crt"

Fetch the private certificate:

echo -n | openssl s_client -showcerts -connect harbor.xxx.com:443 2>/dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/containerd/certs.d/harbor.xxx.com/ca.crt
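
The openssl command above trusts whatever the network returns at that moment, and -showcerts emits the whole chain rather than only the CA. The following is an added example, not part of the original post: a POSIX shell script that installs only the certificate whose SHA-256 fingerprint matches a pin obtained out of band. The function names, the constructed PEM blocks and the temporary paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): install a registry CA only if
# its SHA-256 fingerprint matches a value obtained out of band.

# Print one lowercase hex SHA-256 per certificate in a PEM bundle. The hash is
# taken over the DER bytes, as `openssl x509 -noout -fingerprint -sha256` does.
pem_fingerprints() {
  awk '
    /-----BEGIN CERTIFICATE-----/ { inside = 1; body = ""; next }
    /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
    inside                        { body = body $0 }
  ' "$1" | while IFS= read -r _b64; do
    printf '%s' "$_b64" | base64 -d | sha256sum | cut -d' ' -f1
  done
}

# Accept "AB:CD:..." (openssl style) or plain hex; emit lowercase hex.
normalize_fp() { printf '%s' "$1" | tr -d ':' | tr 'A-F' 'a-f'; }

# install_pinned_ca BUNDLE EXPECTED_FP DEST (hypothetical helper)
# Writes only the matching certificate to DEST; returns 1 and writes nothing
# when no certificate in BUNDLE has the pinned fingerprint.
install_pinned_ca() {
  _want=$(normalize_fp "$2")
  _n=$(pem_fingerprints "$1" |
       awk -v w="$_want" '($0 "") == (w "") && !n { n = NR } END { if (n) print n }')
  [ -n "$_n" ] || { echo "no certificate matches the pinned fingerprint" >&2; return 1; }
  awk -v n="$_n" '
    /-----BEGIN CERTIFICATE-----/         { i++ }
    i == n                                { print }
    i == n && /-----END CERTIFICATE-----/ { exit }
  ' "$1" > "$3.tmp" && mv "$3.tmp" "$3"
}

# Constructed sample: two PEM blocks wrapping placeholder bytes (not real
# certificates), shaped like the leaf + CA chain printed by -showcerts.
make_sample_bundle() {
  for _name in leaf ca; do
    echo "-----BEGIN CERTIFICATE-----"
    printf 'constructed-%s' "$_name" | base64
    echo "-----END CERTIFICATE-----"
  done > "$1"
}

# Demo: the pin is derived locally here only because the sample is constructed.
_tmp=$(mktemp -d)
make_sample_bundle "$_tmp/chain.pem"
_pin=$(printf 'constructed-ca' | sha256sum | cut -d' ' -f1)
install_pinned_ca "$_tmp/chain.pem" "$_pin" "$_tmp/ca.crt" && echo "installed CA with fingerprint $_pin"
```

In real use the pin comes from the registry administrator over a separate channel, and the bundle is the output of the s_client pipeline saved to a scratch file before anything is written under /etc/containerd/certs.d.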

2. Error:

root@worker5:~# crictl pull harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0
DEBU[0000] get image connection
DEBU[0000] PullImageRequest: &PullImageRequest{Image:&ImageSpec{Image:harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0,Annotations:map[string]string{},},Auth:nil,SandboxConfig:nil,}
E0321 06:11:37.909786 3580468 remote_image.go:171] "PullImage from image service failed" err="rpc error: code = Unknown desc = failed to pull and unpack image \"harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0\": failed to resolve reference \"harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0\": failed to do request: Head \"https://harbor.xxx.com/v2/cirrus/cirrus-terminal/main/manifests/1.2.0\": x509: certificate signed by unknown authority" image="harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0"
FATA[0000] pulling image: rpc error: code = Unknown desc = failed to pull and unpack image "harbor.xxx.com/cirrus/cirrus-terminal/main:1.2.0": failed to resolve reference "harbor.dell.com/cirrus/cirrus-terminal/main:1.2.0": failed to do request: Head "https://harbor.xxx.com/v2/cirrus/cirrus-terminal/main/manifests/1.2.0": x509: certificate signed by unknown authority

Solution:

root@worker:/etc/containerd# cat /etc/crictl.yaml
runtime-endpoint: unix:///run/containerd/containerd.sock
image-endpoint: unix:///run/containerd/containerd.sock
timeout: 2
debug: true
pull-image-on-create: false
Reproduction without permission is prohibited: 琼杰笔记 » Containerd image registry configuration parameters