• RKE2 config containerd private registry (configuring a private registry address for RKE2)


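    1. Prerequisites

    Install rke2:

    2. Configure the image registry

    Containerd can be configured to connect to a private image registry and use it to pull private images on each node.

    At startup, RKE2 checks whether a registries.yaml file exists under /etc/rancher/rke2/ and instructs containerd to use the image registries defined in that file.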

    $ vim  /etc/rancher/rke2/registries.yaml
    mirrors:
      harbor.ghostwritten.com:
        endpoint:
          - "https://harbor.ghostwritten.com"
    configs:
      "harbor.ghostwritten.com":
        auth:
          username: admin 
          password: Harbor12345 
        tls:
          insecure_skip_verify: true 
    

    Restart rke2-server

    systemctl restart  rke2-server.service && systemctl status rke2-server.service
    

    After the restart, the registry configuration in /etc/rancher/rke2/registries.yaml is passed into /var/lib/rancher/rke2/agent/etc/containerd/config.toml

    cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml
    
    # File generated by rke2. DO NOT EDIT. Use config.toml.tmpl instead.
    version = 2
    
    [plugins."io.containerd.internal.v1.opt"]
      path = "/var/lib/rancher/rke2/agent/containerd"
    [plugins."io.containerd.grpc.v1.cri"]
      stream_server_address = "127.0.0.1"
      stream_server_port = "10010"
      enable_selinux = false
      enable_unprivileged_ports = true
      enable_unprivileged_icmp = true
      sandbox_image = "index.docker.io/rancher/pause:3.6"
    
    [plugins."io.containerd.grpc.v1.cri".containerd]
      snapshotter = "overlayfs"
      disable_snapshot_annotations = true
    
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
      runtime_type = "io.containerd.runc.v2"
    
    [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
      SystemdCgroup = true
    
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."harbor.ghostwritten.com"]
      endpoint = ["https://harbor.ghostwritten.com"]
    
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ghostwritten.com".auth]
      username = "admin"
      password = "Harbor12345"
    
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.ghostwritten.com".tls]
      
      insecure_skip_verify = true
    
    

    3. HTTPS login verification

    mkdir -p   /etc/docker/certs.d/
    echo "192.168.23.47 harbor.fumai02.com"  >> /etc/hosts
    scp -r root@192.168.23.47:/etc/docker/certs.d/harbor.fumai02.com/  /etc/docker/certs.d/
    

    Configuration

    $ vim /etc/rancher/rke2/registries.yaml
    mirrors:
      docker.io:
        endpoint:
          - "https://harbor.fumai02.com"
    configs:
      "harbor.fumai02.com":
        auth:
          username: admin
          password: Harbor12345
        tls:
          cert_file: /etc/docker/certs.d/harbor.fumai02.com/harbor.fumai02.com.cert
          key_file: /etc/docker/certs.d/harbor.fumai02.com/harbor.fumai02.com.key
          ca_file: /etc/docker/certs.d/harbor.fumai02.com/ca.crt
          insecure_skip_verify: true
    

    View the containerd configuration so that it can be compared with the updated configuration
    cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml

    Restart rke2-server for the change to take effect.

    systemctl restart  rke2-server.service && systemctl status rke2-server.service
    

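    Here, because I also wanted to take a snapshot of the cluster, I shut the machine down first, took the snapshot, and then started the machine again. rke2-server starts automatically.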

    $ cat /var/lib/rancher/rke2/agent/etc/containerd/config.toml | grep -C 3 fumai02
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors]
    
    [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"]
      endpoint = ["https://harbor.fumai02.com"]
    
    
    
    
    
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.fumai02.com".auth]
      username = "admin"
      password = "Harbor12345"
      
      
    
    
    [plugins."io.containerd.grpc.v1.cri".registry.configs."harbor.fumai02.com".tls]
      ca_file = "/etc/docker/certs.d/harbor.fumai02.com/ca.crt"
      cert_file = "/etc/docker/certs.d/harbor.fumai02.com/harbor.fumai02.com.cert"
      key_file = "/etc/docker/certs.d/harbor.fumai02.com/harbor.fumai02.com.key"
      insecure_skip_verify = true
    
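
The check below is an added example, not part of the original post: it scans a registries.yaml for registries whose `insecure_skip_verify: true` turns off server-certificate verification (which also leaves a configured `ca_file` unused for that purpose) and tests whether the file holding the plaintext password is world-readable. The sample file is constructed from the two configurations above plus a hypothetical host `registry.example.internal`; the function names and the 2-space indentation assumption are this example's own.

```shell
# Added example: flag registries.yaml entries that turn TLS verification off.
# Assumes the 2-space YAML indentation used in the configurations above.

# Print "<host> tls-verify-off" for every registry under configs: that sets
# insecure_skip_verify: true; append " ca_file-unused" when ca_file is also set.
audit_registries() {
  awk '
    function report() {
      if (host != "" && skip) print host, (ca ? "tls-verify-off ca_file-unused" : "tls-verify-off")
      host = ""; skip = 0; ca = 0
    }
    NF == 0 || $1 ~ /^#/ { next }                      # blank line or comment
    /^[^ ]/     { report(); in_configs = ($1 == "configs:"); next }
    !in_configs { next }
    /^  [^ ]/   { report(); host = $1; sub(/:$/, "", host); gsub(/"/, "", host); next }
    $1 == "insecure_skip_verify:" && $2 == "true" { skip = 1 }
    $1 == "ca_file:" && NF > 1 { ca = 1 }
    END { report() }
  ' "$1"
}

# The file stores a plaintext password: succeed if any local user can read it.
world_readable() { [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; }

# Constructed sample: the two configs from this page plus a hypothetical
# registry.example.internal that verifies the server against its CA.
SAMPLE=$(mktemp) && trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
mirrors:
  docker.io:
    endpoint:
      - "https://harbor.fumai02.com"
configs:
  "harbor.fumai02.com":
    auth:
      username: admin
      password: Harbor12345
    tls:
      ca_file: /etc/docker/certs.d/harbor.fumai02.com/ca.crt
      insecure_skip_verify: true
  "harbor.ghostwritten.com":
    tls:
      insecure_skip_verify: true
  "registry.example.internal":
    tls:
      ca_file: /etc/ssl/registry-ca.crt
EOF
audit_registries "$SAMPLE"
if world_readable "$SAMPLE"; then echo "$SAMPLE is world-readable"; fi
```

Run `audit_registries /etc/rancher/rke2/registries.yaml` on each node. For a host it reports together with `ca_file-unused`, removing `insecure_skip_verify: true` lets the configured CA actually verify the registry's certificate.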

  • Original article: https://blog.csdn.net/xixihahalelehehe/article/details/134078913