/
Cloud Agent Mirroring - K8S (Optional)

IBM DataPower Operations Dashboard v1.0.22.x

Cloud Agent Mirroring - K8S (Optional)

Owned by Amit Munwes
Last updated: Oct 20, 2024
2 min read

Configuring Mirroring

The registry mirroring configuration may change based on the Kubernetes's container runtime. The mirroring configuration should be added for each one of the worker nodes. There are some methods to automate this configuration. Examples can be found here.

In order to identify the k8s cluster container runtime use the following command:

kubectl get nodes -o wide

Example output (see CONTAINER-RUNTIME):

# For Docker runtime NAME STATUS VERSION CONTAINER-RUNTIME node-1 Ready v1.16.15 docker://19.3.1 node-2 Ready v1.16.15 docker://19.3.1 # For containerd runtime NAME STATUS VERSION CONTAINER-RUNTIME node-1 Ready v1.19.6 containerd://1.4.1 node-2 Ready v1.19.6 containerd://1.4.1 # For CRI-IO runtime NAME STATUS VERSION CONTAINER-RUNTIME node-1 Ready v1.25.11 cri-o://1.25.4 node-2 Ready v1.25.11 cri-o://1.25.4

Containerd

The containerd Kubernetes's container runtime is used by many k8s providers like Amazon, Google, Microsoft and more. For an extended list, see the following document.

The containerd k8s cluster node configuration is located under /etc/containerd directory. The CRI Registry Configuration is described here. For the containerd CRI configuration changes to take effect, a containerd service restart is required (systemctl restart containerd).

This is an example for the containerd CRI configuration. Change the configuration according to your environment:

  • Add the following attribute config_path = "/etc/containerd/certs.d" to /etc/containerd/config.toml (if not already exists):

    [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d"

  • Create the following directory structure and update the hosts.toml file in each directory:

CRI deprecated format

Some k8s cloud providers are using a deprecated format of the CRI containerd registry configuration. Although the configuration is deprecated, it was not removed and is still functional. See configure image registry. For this option DO NOT use the following attribute config_path = "/etc/containerd/certs.d" in /etc/containerd/config.toml and the above directory structure is not needed.
Change the configuration according to your environment:

Docker, CRI-O

The configuration for these container runtimes is located in /etc/containers/registries.conf. For the CRI configuration changes to take effect, a reboot of each worker node is required (systemctl reboot).

This is an example of the configuration. Change the registry.mirror entries according to your environment:

 

Copyright © 2015 MonTier Software (2015) Ltd.