Configuring Mirroring

The registry mirroring configuration depends on the container runtime used by the Kubernetes cluster. The mirroring configuration should be added on each of the worker nodes. There are several ways to automate this configuration. Examples can be found here.

...

Code Block
# For Docker runtime
NAME         STATUS   VERSION    CONTAINER-RUNTIME
node-1       Ready    v1.16.15   docker://19.3.1
node-2       Ready    v1.16.15   docker://19.3.1

# For containerd runtime
NAME         STATUS   VERSION   CONTAINER-RUNTIME
node-1       Ready    v1.19.6   containerd://1.4.1
node-2       Ready    v1.19.6   containerd://1.4.1

# For CRI-O runtime
NAME         STATUS   VERSION    CONTAINER-RUNTIME
node-1       Ready    v1.25.11   cri-o://1.25.4
node-2       Ready    v1.25.11   cri-o://1.25.4

Containerd

The containerd container runtime is used by many k8s providers, such as Amazon, Google, Microsoft and more. For an extended list, see the following document.

...

  • Add the attribute config_path = "/etc/containerd/certs.d" to /etc/containerd/config.toml (if it does not already exist):

    Code Block
    [plugins."io.containerd.grpc.v1.cri".registry]
      config_path = "/etc/containerd/certs.d"
  • Create the following directory structure and update the hosts.toml file in each directory:

    Code Block
    $ tree /etc/containerd/certs.d
    /etc/containerd/certs.d
    └── icr.io
        └── hosts.toml
    
    $ cat /etc/containerd/certs.d/icr.io/hosts.toml
    server = "https://icr.io"
    [host."https://icr.io/dpod"]
       capabilities = ["pull", "resolve"]
       skip_verify = false 
       override_path = true
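
An added example (not part of the original page or the product's own tooling): a bash helper that writes the hosts.toml layout shown above on a worker node and audits every file under certs.d for settings that weaken the image pull path (skip_verify = true, a plain-HTTP endpoint, a push capability on a mirror). The names CERTS_D, write_mirror and audit_mirrors are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example. CERTS_D, write_mirror and audit_mirrors are hypothetical names.
# CERTS_D must match config_path in /etc/containerd/config.toml.
CERTS_D="${CERTS_D:-/etc/containerd/certs.d}"

# write_mirror REGISTRY MIRROR_URL
# Creates $CERTS_D/REGISTRY/hosts.toml with pull-only access and TLS verification on.
write_mirror() {
  local registry="$1" mirror="$2" dir
  case "$mirror" in
    https://*) ;;
    *) echo "refusing non-HTTPS mirror: $mirror" >&2; return 1 ;;
  esac
  dir="$CERTS_D/$registry"
  mkdir -p "$dir" || return 1
  # Write to a temporary file first so a partial file is never left in place.
  cat > "$dir/hosts.toml.tmp" <<EOF
server = "https://$registry"
[host."$mirror"]
  capabilities = ["pull", "resolve"]
  skip_verify = false
  override_path = true
EOF
  mv "$dir/hosts.toml.tmp" "$dir/hosts.toml"
}

# audit_mirrors
# Prints one finding per line; returns 1 if any hosts.toml has a finding.
audit_mirrors() {
  local f findings=0
  for f in "$CERTS_D"/*/hosts.toml; do
    [ -f "$f" ] || continue
    if grep -Eq '^[[:space:]]*skip_verify[[:space:]]*=[[:space:]]*true' "$f"; then
      echo "$f: skip_verify = true (TLS certificate is not verified)"; findings=1
    fi
    if grep -Eq '^[[:space:]]*(server[[:space:]]*=[[:space:]]*|\[host\.)"http://' "$f"; then
      echo "$f: plain-HTTP endpoint"; findings=1
    fi
    if grep -Eq '^[[:space:]]*capabilities.*"push"' "$f"; then
      echo "$f: mirror entry allows push"; findings=1
    fi
  done
  return "$findings"
}

# Run "script audit" on a node to check the existing configuration.
if [ "${1:-}" = "audit" ]; then audit_mirrors; fi
```
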

CRI deprecated format

Some k8s cloud providers use a deprecated format of the CRI containerd registry configuration. Although this format is deprecated, it has not been removed and is still functional. See configure image registry. For this option, DO NOT set the attribute config_path = "/etc/containerd/certs.d" in /etc/containerd/config.toml; the directory structure above is not needed.
Change the configuration according to your environment:

Code Block
[plugins.cri.registry.mirrors]
  [plugins.cri.registry.mirrors."icr.io"]
    endpoint = ["https://icr.io/dpod"]

Docker, CRI-O

The configuration for these container runtimes is located in /etc/containers/registries.conf. For the CRI configuration changes to take effect, a reboot of each worker node is required (systemctl reboot).

...