Kubernetes containerd失败的pull镜像从私有仓库harbor

发表于: 2021-01-05   最后更新时间: 2021-01-05  

我的版本是kubernetes V1.20.1 容器用的是containerd而不是Docker。现在我无法从我的私有仓库(Harbor)中拉取Docker镜像。

我已经把/etc/containerd/config.toml改成如下配置。

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.foo.com"]
      endpoint = ["https://registry.foo.com"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.foo.com"]
      [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.foo.com".auth]
        username = "admin"
        password = "Harbor12345"

但这并不奏效。拉动失败了,错误信息如下。

Failed to pull image "registry.foo.com/library/myimage:latest": rpc error: code = Unknown
desc = failed to pull and unpack image "registry.foo.com/library/myimage:latest": failed to 
resolve reference "registry.foo.com/library/myimage:latest": unexpected status code 
[manifests latest]: 401 Unauthorized

我的Harbor注册表可通过HTTPS使用Let's Encrypt证书。所以https在这里应该不是问题。

即使我尝试创建一个docker-secret,也没有成功。

kubectl create secret docker-registry registry.foo.com --docker-server=https://registry.foo.com --docker-username=admin --docker-password=Harbor12345 --docker-email=info@foo.com

谁能给我一个例子,如何在Kubernetes中用containerd配置私有仓库?



您需要解锁本帖隐藏内容请: 点击这里
本帖隐藏的内容




上一条: Kubernetes中Sidecar容器日志文件共享路径的问题
下一条: kubernetes(k8s)数据没有在各个容器之间共享

  • pod/deployment中设置imagePullSecrets

    apiVersion: v1
    kind: Pod
    metadata:
      name: private-reg
    spec:
      containers:
      - name: private-reg-container
        image: <your-private-image>
      imagePullSecrets:
      - name: registry