...
The registry mirroring configuration may change based on the Kubernetes's container runtime.
The mirroring configuration should be added for each one of the worker nodes.
There are some methods to automate this configuration. For examples see following TODO : documentExamples can be found here
In order to identify the k8s cluster container runtime use the following command
...
| Code Block |
|---|
$ tree /etc/containerd/certs.d
/etc/containerd/certs.d
└── icr.io
└── hosts.toml
cp.icr.io
└── hosts.toml
$ cat /etc/containerd/certs.d/icr.io/hosts.toml
server = "https://icr.io"
[host."https://my-container-registry.example.com/v2/dpod-cloud-agent"]
capabilities = ["pull", "resolve"]
skip_verify = false
override_path = true
$ cat /etc/containerd/certs.d/cp.icr.io/hosts.toml
server = "https://cp.icr.io"
[host."https://my-container-registry.example.com/v2/dpod-cloud-agent"]
capabilities = ["pull", "resolve"]
skip_verify = false
override_path = true |
CRI deprecated format
Some k8s cloud providers are using deprecated format of CRI containerd registry configuration. Although the configuration is deprecated it was not removed and still functional. see configure image registry
For this option DO NOT use the following attribute config_path = "/etc/containerd/certs.d" in /etc/containerd/config.toml and the above directory structure is not needed.
Change the configuration according to your environment:
| Code Block |
|---|
[plugins.cri.registry.mirrors]
[plugins.cri.registry.mirrors.icr.io"]
endpoint = ["https://my-container-registry.example.com/v2/dpod-cloud-agent"]
[plugins.cri.registry.mirrors.cp.icr.io"]
endpoint = ["https://my-container-registry.example.com/v2/dpod-cloud-agent"] |
...