root@shawn-virtual-machine:/etc/containerd# crictl -version
crictl version v1.24.0
containerd
拉取私有仓库镜像报错 x509: certificate signed by unknown authority
。
在配置文件/etc/containerd/config.toml
中增加以下配置
[plugins."io.containerd.grpc.v1.cri".registry]
config_path = ""
[plugins."io.containerd.grpc.v1.cri".registry.auths]
[plugins."io.containerd.grpc.v1.cri".registry.configs]
# 内部私有仓库认证信息
[plugins."io.containerd.grpc.v1.cri".registry.configs."10.4.xx.xx:5443".tls]
insecure_skip_verify = true
[plugins."io.containerd.grpc.v1.cri".registry.configs."10.4.xx.xx:5443".auth]
username = "admin" # 在harbor里单独创建的用户,授权访问指定项目
password = "password"
[plugins."io.containerd.grpc.v1.cri".registry.headers]
[plugins."io.containerd.grpc.v1.cri".registry.mirrors]
# 内部私有仓库配置
[plugins."io.containerd.grpc.v1.cri".registry.mirrors."10.4.xx.xx:5443"]
endpoint = ["https://10.4.xx.xx:5443/"]
重启containerd
服务以使配置生效
#重新加载配置
systemctl daemon-reload
#重启containerd
systemctl restart containerd
仍拉取失败,报如下错误。
failed to unpack image on snapshotter overlayfs: unexpected media type text/html for sha256:fe29cb63644f0d85a0e8abd7c494c1a350d652a0f2962fbf1b12102ac6cf75b6: not found
参考https://github.com/containerd/containerd/issues/6984 将endpoint
由https://10.4.xx.xx:5443/
改为https://10.4.xx.xx:5443
。
测试pull
成功。
网友评论