containerd 自定义镜像

详细配置可参考在线文档。

如果你的服务器可联网，则无需配置，否则可能影响 Containerd 拉取镜像。

1. 修改配置

编辑配置文件 /etc/containerd/config.toml,修改为如下内容。

1
2
[plugins."io.containerd.grpc.v1.cri".registry]
   config_path = "/etc/containerd/certs.d"

修改完成后，创建 /etc/containerd/certs.d 文件夹。

2. 添加自定义镜像源

编辑文件 /etc/containerd/certs.d/docker.io/hosts.toml ，添加如下配置:

1
2
3
4
5
server = "https://docker.io"

[host."https://registry.d7z.net"]
  capabilities = ["pull", "resolve"]
  skip_verify = true

3. 快速添加常用镜像地址

注意, 请在部署本地 registry 并配置好代理后再添加此配置，否则将导致镜像无法拉取！

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
sed -i 's@config_path = ""@config_path = "/etc/containerd/certs.d"@g' /etc/containerd/config.toml
ALIAS_LIST=(
    "docker.io"
    "registry.gitlab.com"
    "quay.io"
    "k8s.gcr.io"
    "registry.k8s.io"
    "ghcr.io"
)

replace_host="registry.internal.d7z.net"

mkdir -p /etc/containerd/certs.d/ /etc/containerd/certs.d/$replace_host
cat << EOF | tee "/etc/containerd/certs.d/$replace_host/hosts.toml" >/dev/null
server = "https://$url"

[host."https://$replace_host"]
  capabilities = ["pull", "resolve"]
  skip_verify = true

EOF

for url in "${ALIAS_LIST[@]}"; do
    current_directory="/etc/containerd/certs.d/$url"
    current_config_path="$current_directory/hosts.toml"
    mkdir -p "$current_directory"
    cat <<EOF | tee "$current_config_path" >/dev/null
server = "https://$url"

[host."https://$replace_host"]
  capabilities = ["pull", "resolve"]
  skip_verify = true

EOF
done
systemctl restart containerd