2

containerd我使用而不是 Docker设置了 kubernetes V1.20.1 。现在我无法从我的私有注册表(Harbor)中提取 Docker 映像。

我已经像这样更改了 /etc/containerd/config.toml :

[plugins."io.containerd.grpc.v1.cri".registry]
  [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://registry-1.docker.io"]
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."registry.foo.com"]
      endpoint = ["https://registry.foo.com"]
  [plugins."io.containerd.grpc.v1.cri".registry.configs]
    [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.foo.com"]
      [plugins."io.containerd.grpc.v1.cri".registry.configs."registry.foo.com".auth]
        username = "admin"
        password = "Harbor12345"

但这没有用。拉取失败并显示以下消息:

Failed to pull image "registry.foo.com/library/myimage:latest": rpc error: code = Unknown
desc = failed to pull and unpack image "registry.foo.com/library/myimage:latest": failed to 
resolve reference "registry.foo.com/library/myimage:latest": unexpected status code 
[manifests latest]: 401 Unauthorized

My Harbor 注册表可通过带有 Let's Encrypt 证书的 HTTPS 获得。所以 https 应该不是这里的问题。

即使我尝试创建一个 docker-secret 这也不起作用:

kubectl create secret docker-registry registry.foo.com --docker-server=https://registry.foo.com --docker-username=admin --docker-password=Harbor12345 --docker-email=info@foo.com

谁能给我一个例子,如何在 Kubernetes 中使用 containerd 配置私有注册表?

4

1 回答 1

3

imagePullSecrets在 pod/部署规范中设置:

apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  imagePullSecrets:
  - name: registry.foo.com

更多信息:https ://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/

于 2021-01-05T10:41:26.960 回答