RKE2 config containerd private registry (rke2配置私有仓库地址)_rancher


文章目录

  • 1. 预备条件
  • 2. 配置镜像仓库


1. 预备条件

安装rke2:

2. 配置镜像仓库

Containerd 可以配置为连接到私有镜像仓库,并使用仓库在每个节点上拉取私有镜像。

启动时,RKE2 会检查 /etc/rancher/rke2/ 中是否存在 registries.yaml 文件,并指示 containerd 使用该文件中定义的镜像仓库。

$ vim  /etc/rancher/rke2/registries.yaml
mirrors:
  docker.io:
    endpoint:
      - "https://harbor.ghostwritten.com"
configs:
  "harbor.ghostwritten.com":
    auth:
      username: admin 
      password: Harbor12345 
    tls:
      insecure_skip_verify: true

重启 rke2-server

systemctl restart  rke2-server.service && systemctl status rke2-server.service

重启后/etc/rancher/rke2/registries.yaml的仓库配置会传递到/var/lib/rancher/rke2/agent/etc/containerd/config.toml

cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml

# File generated by rke2. DO NOT EDIT. Use config.toml.tmpl instead.
version = 2

[plugins."io.containerd.internal.v1.opt"]
  path = "/var/lib/rancher/rke2/agent/containerd"
[plugins."io.containerd.grpc.v1.cri"]
  stream_server_address = "127.0.0.1"
  stream_server_port = "10010"
  enable_selinux = false
  enable_unprivileged_ports = true
  enable_unprivileged_icmp = true
  sandbox_image = "index.docker.io/rancher/pause:3.6"

[plugins."io.containerd.grpc.v1.cri".containerd]
  snapshotter = "overlayfs"
  disable_snapshot_annotations = true

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  runtime_type = "io.containerd.runc.v2"

[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
  SystemdCgroup = true

[plugins."io.containerd.grpc.v1.cri".registry.mirrors]

[plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
  endpoint = ["https://harbor.ghostwritten.com"]

[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ghostwritten.com".auth]
  username = "admin"
  password = "Harbor12345"

[plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ghostwritten.com".tls]
  
  insecure_skip_verify = true

参考: