containerd配置代理

1. 配置代理

要在**/etc/systemd/system/containerd.service.d/http-proxy.conf**[Service]下插入

1
2
3
4
5
6
7
cat >/etc/systemd/system/containerd.service.d/http-proxy.conf<<END
[Service]
Environment="HTTP_PROXY=http://192.168.101.42:10811" "HTTPS_PROXY=http://192.168.101.42:10811" "NO_PROXY=lb-apiserver.kubernetes.local, 192.168.108.100,192.168.108.21,master1,master1.cluster.local,192.168.108.22,master2,master2.cluster.local,192.168.108.23,master3,master3.cluster.local,192.168.108.24,node1,node1.cluster.local,192.168.108.25,node2,node2.cluster.local,192.168.108.26,node3,node3.cluster.local,127.0.0.1,localhost,10.233.0.0/18,10.233.64.0/18,svc,svc.cluster.local"
END

systemctl daemon-reload 
systemctl restart containerd

2. containerd与harbor结合

2.1 下载使用nerdctl

1
2
3
wget https://github.com/containerd/nerdctl/releases/download/v0.20.0/nerdctl-0.20.0-linux-amd64.tar.gz
tar -xf nerdctl-0.20.0-linux-amd64.tar.gz
mv nerdctl /usr/local/bin/

2.2 登陆自建的harbor

1
nerdctl login  -u root repo.792588.xyz:8443

2.3 测试拉取镜像和上传镜像

1
2
3
nerdctl pull busybox:1.35.0
nerdctl tag busybox:1.35.0 repo.792588.xyz:8443/k8s/busybox:1.35.0
nerdctl push repo.792588.xyz:8443/k8s/busybox:1.35.0

2.4 脚本重新打标签上传

1
2
3
4
5
6
7
8
for i in $(cat 1.txt)
do 
p=`echo $i | awk -F "/" '{print $NF}'`
nerdctl -n k8s.io tag $i repo.792588.xyz:8443/gitlab/$p
sleep 2
nerdctl -n k8s.io push repo.792588.xyz:8443/gitlab/$p
sleep 2
done
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# docker hub镜像加速
mkdir -p /etc/containerd/certs.d/docker.io
cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF
server = "https://docker.io"
[host."https://hub.792588.xyz"]
  capabilities = ["pull", "resolve"]
EOF

# registry.k8s.io镜像加速
mkdir -p /etc/containerd/certs.d/registry.k8s.io
tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF'
server = "https://registry.k8s.io"

[host."https://k8s.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# docker.elastic.co镜像加速
mkdir -p /etc/containerd/certs.d/docker.elastic.co
tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF'
server = "https://docker.elastic.co"

[host."https://elastic.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/gcr.io
tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF'
server = "https://gcr.io"

[host."https://gcr.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# ghcr.io镜像加速
mkdir -p /etc/containerd/certs.d/ghcr.io
tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF'
server = "https://ghcr.io"

[host."https://ghcr.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# k8s.gcr.io镜像加速
mkdir -p /etc/containerd/certs.d/k8s.gcr.io
tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF'
server = "https://k8s.gcr.io"

[host."https://k8sgcr.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# mcr.m.daocloud.io镜像加速
mkdir -p /etc/containerd/certs.d/mcr.microsoft.com
tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF'
server = "https://mcr.microsoft.com"

[host."https://mcr.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# nvcr.io镜像加速
mkdir -p /etc/containerd/certs.d/nvcr.io
tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF'
server = "https://nvcr.io"

[host."https://nvcr.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

# quay.io镜像加速
mkdir -p /etc/containerd/certs.d/quay.io
tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF'
server = "https://quay.io"

[host."https://quay.792588.xyz"]
  capabilities = ["pull", "resolve", "push"]
EOF

image-20241128113044700

troubleshooting
k8s

本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!