介绍
kubernetes 从v1.24 开始默认使用containerd, 需要修改containerd的配置文件,才能让pod的镜像加速。
containerd 加速
配置文件路径 /etc/containerd/config.toml,每次修改配置文件,都需要执行systemctl restart containerd.service或service containerd restart命令重启containerd。
新版本的containerd镜像仓库配置都是建议放在一个单独的文件夹当中,并且在/etc/containerd/config.toml配置文件当中打开config_path配置,指向镜像仓库配置目录即可。这种方式只需要在第一次修改/etc/containerd/config.toml文件打开config_path配置时需要重启containerd,后续我们增加镜像仓库配置都无需重启containerd,非常方便。官方文档:https://github.com/containerd/containerd/blob/main/docs/hosts.md
修改config.toml
[root@node2 certs.d]# vim /etc/containerd/config.toml # 追加内容 [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d"
然后创建该目录,如果有可以跳过
[root@node2 ~]# cd /etc/containerd/ [root@node2 containerd]# mkdir -p certs.d && cd certs.d/ [root@node2 certs.d]# pwd /etc/containerd/certs.d
镜像加速
# docker hub镜像加速 mkdir -p /etc/containerd/certs.d/docker.io cat > /etc/containerd/certs.d/docker.io/hosts.toml << EOF server = "https://docker.io" [host."https://dockerproxy.cn"] capabilities = ["pull", "resolve"] [host."https://docker.m.daocloud.io"] capabilities = ["pull", "resolve"] EOF # registry.k8s.io镜像加速 mkdir -p /etc/containerd/certs.d/registry.k8s.io tee /etc/containerd/certs.d/registry.k8s.io/hosts.toml << 'EOF' server = "https://registry.k8s.io" [host."https://k8s.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # docker.elastic.co镜像加速 mkdir -p /etc/containerd/certs.d/docker.elastic.co tee /etc/containerd/certs.d/docker.elastic.co/hosts.toml << 'EOF' server = "https://docker.elastic.co" [host."https://elastic.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # gcr.io镜像加速 mkdir -p /etc/containerd/certs.d/gcr.io tee /etc/containerd/certs.d/gcr.io/hosts.toml << 'EOF' server = "https://gcr.io" [host."https://gcr.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # ghcr.io镜像加速 mkdir -p /etc/containerd/certs.d/ghcr.io tee /etc/containerd/certs.d/ghcr.io/hosts.toml << 'EOF' server = "https://ghcr.io" [host."https://ghcr.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # k8s.gcr.io镜像加速 mkdir -p /etc/containerd/certs.d/k8s.gcr.io tee /etc/containerd/certs.d/k8s.gcr.io/hosts.toml << 'EOF' server = "https://k8s.gcr.io" [host."https://k8s-gcr.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # mcr.m.daocloud.io镜像加速 mkdir -p /etc/containerd/certs.d/mcr.microsoft.com tee /etc/containerd/certs.d/mcr.microsoft.com/hosts.toml << 'EOF' server = "https://mcr.microsoft.com" [host."https://mcr.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # nvcr.io镜像加速 mkdir -p /etc/containerd/certs.d/nvcr.io tee /etc/containerd/certs.d/nvcr.io/hosts.toml << 'EOF' server = "https://nvcr.io" [host."https://nvcr.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # quay.io镜像加速 mkdir -p /etc/containerd/certs.d/quay.io tee /etc/containerd/certs.d/quay.io/hosts.toml << 'EOF' server = "https://quay.io" [host."https://quay.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # registry.jujucharms.com镜像加速 mkdir -p /etc/containerd/certs.d/registry.jujucharms.com tee /etc/containerd/certs.d/registry.jujucharms.com/hosts.toml << 'EOF' server = "https://registry.jujucharms.com" [host."https://jujucharms.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF # rocks.canonical.com镜像加速 mkdir -p /etc/containerd/certs.d/rocks.canonical.com tee /etc/containerd/certs.d/rocks.canonical.com/hosts.toml << 'EOF' server = "https://rocks.canonical.com" [host."https://rocks-canonical.m.daocloud.io"] capabilities = ["pull", "resolve", "push"] EOF
注意:k8s.gcr.io 已被迁移到 registry.k8s.io
参考:https://zhuanlan.zhihu.com/p/702497587 https://github.com/DaoCloud/public-image-mirror
