Janrs.com | 杨建勇
Janrs.com | 杨建勇

kubeadm部署k8s containerd设置harbor镜像地址以及非安全证书

containerd设置harbor镜像地址以及非安全证书

转载请注明来源:https://janrs.com


如果没有配置证书直接拉取镜像会出现以下错误:


INFO[0000] trying next host                              error="failed to do request: Head \"https://reg.baidu.com/v2/rakour-dev/rakour-api/manifests/sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1\": x509: certificate is not valid for any names, but wanted to match re.baidu.com" host="reg.baidu.com"
INFO[0000] trying next host                              error="failed to do request: Head \"https://reg.baidu.com/v2/rakour-dev/rakour-api/blobs/sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1\": x509: certificate is not valid for any names, but wanted to match reg.baidu.com" host="reg.baidu.com:"
ctr: failed to resolve reference "registry.baidu.com:110/rakour-dev/rakour-api@sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1": failed to do request: Head "https://reg.baidu.com:110/v2/rakour-dev/rakour-api/manifests/sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1": x509: certificate is not valid for any names, but wanted to match reg.baidu.com

生成默认配置

kubeadm 安装的 k8s 默认的 containerd 没有生成配置,需要创建,执行命令:


containerd config default > /etc/containerd/config.toml

打开配置文件:vim /etc/containerd/config.toml ,在 143 行开始找到对应的配置模块,添加以下配置:


    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        # 内部私有仓库认证信息
        [plugins."io.containerd.grpc.v1.cri".registry.configs."reg.baidu.com:110"]
          [plugins."io.containerd.grpc.v1.cri".registry.configs."reg.baidu.com:110".tls]
            insecure_skip_verify = true # 是否跳过证书认证
            # ca_file = "/path/to/ca.crt" # CA 证书
          [plugins."io.containerd.grpc.v1.cri".registry.configs."reg.baidu.com:110".auth]
            username = "username"
            password = "password"

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        # 通用镜像中心
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
          endpoint = ["https://gcr.mirrors.ustc.edu.cn"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
          endpoint = ["https://gcr.mirrors.ustc.edu.cn/google-containers/"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
          endpoint = ["https://quay.mirrors.ustc.edu.cn"]
        # 私有镜像中心
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."reg.baidu.com:110"]
          endpoint = ["https://reg.baidu.com:110"]

转载请注明来源:https://janrs.com

如果你有任何问题,欢迎在底部留言。或者点击加入微信技术交流群 | 我的GitHub

码仔

文章作者

Janrs.com

发表回复

textsms
account_circle
email

Janrs.com | 杨建勇

kubeadm部署k8s containerd设置harbor镜像地址以及非安全证书
containerd设置harbor镜像地址以及非安全证书 转载请注明来源:https://janrs.com 如果没有配置证书直接拉取镜像会出现以下错误: INFO[0000] trying next host …
扫描二维码继续阅读
2022-02-26