Trying to add insecure registry to containerd config as below:
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
max_conf_num = 1
conf_template = ""
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
endpoint = ["https://registry-1.docker.io"]
[plugin."io.containerd.grpc.v1.cri".registry.mirrors."test.http-registry.io"]
endpoint = ["http://v048011.dom600.lab:5000"]
Even after adding it to config.toml
, when pulling image from the insecure registry, it fails:
sudo ctr image pull v048011.dom600.lab:5000:5000/myjenkins:latest
ctr: failed to resolve reference "v048011.dom600.lab:5000/myjenkins:latest": failed to do request: Head https://v048011.dom600.lab:5000:5000/v2/myjenkins/manifests/latest: http: server gave HTTP response to HTTPS client
In docker
we could just add the insecure registry
to daemon.json
file and docker would pull images from it, how can i achieve the same in containerd
?
Replacing docker as runtime in k8s cluster.
ctr do not read the /etc/containerd/config.toml
config file
this config is used by cri , which means kubectl
or crictl
would use it.
the error log http: server gave HTTP response to HTTPS client
, shows that the registry is using http, but ctr is trying to connect it using https.
So if you want to pull the image from http, you should add the param --plain-http
with ctr like this:
ctr i pull --plain-http <image>
the registry config doc is : https://github.com/containerd/containerd/blob/master/docs/cri/registry.md
You should be able to pull the image with crictl, remember to restart containerd.
sudo crictl -r /run/containerd/containerd.sock pull <image>
#or config runntime once for all
sudo crictl config runtime-endpoint /run/containerd/containerd.sock
sudo crictl pull <image>
config example:
# /etc/containerd/config.toml
# change <IP>:5000 to your registry url
[plugins."io.containerd.grpc.v1.cri".registry]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."<IP>:5000"]
endpoint = ["http://<IP>:5000"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."<IP>:5000".tls]
insecure_skip_verify = true