containerd配置私有仓库harbor

前言： containerd 不支持harbor  80端口仓库push 镜像,所以调用habor443口

1.harbor 80端口使用，通过代理服务 nginx  80 端口代理到 443端口配置如下

cat  /etc/containerd/config.toml

# [plugins."io.containerd.grpc.v1.cri".registry.configs]

[plugins."io.containerd.grpc.v1.cri".registry.headers]

[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."192.168.111.x:80"]
endpoint = ["http://192.168.111.x:80"]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.111.x:80".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.111.x:80".auth]
username = "xxxx"   # harbor 仓库账号
password = "xxxx"   # harbor 仓库密码
[plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming]
# tls_cert_file = "/usr/local/harbor/certs//usr/local/harbor.meiyijia.lan/harbor-ca.crt"
# tls_key_file = "/usr/local/harbor/certs/harbor.meiyijia.lan/harbor-ca.key"

2.systemctl restart containerd

3. login

nerdctl login -u xxxx  -p xxxxx  xxx.xxx.xxx.xxx:80 --insecure-registry

4.push

nerdctl  -n k8s.io push xxx.xxx.xxx.xxx:80/ceph/nginx:latest  --insecure-registry

5.pull 

nerdctl  -n k8s.io pull xxx.xxx.xxx.xxx:80/ceph/nginx:latest  --insecure-registry

 

 

nerdctl 安装

下载地址： https://github.com/containerd/nerdctl/releases

~# export version=0.23.0
~# wget https://github.com/containerd/nerdctl/releases/download/v${version}/nerdctl-full-${version}-linux-amd64.tar.gz
~# tar Cxzvvf /usr/local nerdctl-full-${version}-linux-amd64.tar.gz