kubeadm部署k8s containerd设置harbor镜像地址以及非安全证书

2022年2月26日 125点热度 682人点赞 0条评论

containerd设置harbor镜像地址以及非安全证书

转载请注明来源：https://janrs.com

如果没有配置证书直接拉取镜像会出现以下错误：


INFO[0000] trying next host                              error="failed to do request: Head \"https://reg.baidu.com/v2/rakour-dev/rakour-api/manifests/sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1\": x509: certificate is not valid for any names, but wanted to match re.baidu.com" host="reg.baidu.com"
INFO[0000] trying next host                              error="failed to do request: Head \"https://reg.baidu.com/v2/rakour-dev/rakour-api/blobs/sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1\": x509: certificate is not valid for any names, but wanted to match reg.baidu.com" host="reg.baidu.com:"
ctr: failed to resolve reference "registry.baidu.com:110/rakour-dev/rakour-api@sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1": failed to do request: Head "https://reg.baidu.com:110/v2/rakour-dev/rakour-api/manifests/sha256:2cc4c70a07e2280b31257aa3a6895ca9a8bd790ddb14b925bf0fad2b42e622b1": x509: certificate is not valid for any names, but wanted to match reg.baidu.com

生成默认配置

kubeadm 安装的 k8s 默认的 containerd 没有生成配置，需要创建，执行命令：


containerd config default > /etc/containerd/config.toml

打开配置文件：vim /etc/containerd/config.toml ，在 143 行开始找到对应的配置模块，添加以下配置：


    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = ""

      [plugins."io.containerd.grpc.v1.cri".registry.auths]

      [plugins."io.containerd.grpc.v1.cri".registry.configs]
        # 内部私有仓库认证信息
        [plugins."io.containerd.grpc.v1.cri".registry.configs."reg.baidu.com:110"]
          [plugins."io.containerd.grpc.v1.cri".registry.configs."reg.baidu.com:110".tls]
            insecure_skip_verify = true # 是否跳过证书认证
            # ca_file = "/path/to/ca.crt" # CA 证书
          [plugins."io.containerd.grpc.v1.cri".registry.configs."reg.baidu.com:110".auth]
            username = "username"
            password = "password"

      [plugins."io.containerd.grpc.v1.cri".registry.headers]

      [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
        # 通用镜像中心
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
          endpoint = ["https://docker.mirrors.ustc.edu.cn","http://hub-mirror.c.163.com"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."gcr.io"]
          endpoint = ["https://gcr.mirrors.ustc.edu.cn"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."k8s.gcr.io"]
          endpoint = ["https://gcr.mirrors.ustc.edu.cn/google-containers/"]
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."quay.io"]
          endpoint = ["https://quay.mirrors.ustc.edu.cn"]
        # 私有镜像中心
        [plugins."io.containerd.grpc.v1.cri".registry.mirrors."reg.baidu.com:110"]
          endpoint = ["https://reg.baidu.com:110"]